Tech Support Guy > Virus & Other Malware Removal

Solved: found virus - takeover of search engine


bsacco (Member, 546 posts, joined Jun 2003), thread starter
13-Aug-2012, 02:23 AM, #1

Problem:

My 13-year-old son is a beginning gamer and has downloaded all kinds of trojans, viruses and takeover software onto my PC.

I'm attempting to clean it all up using TSG.

Below is the info you requested.

thanks,
bob

Here's my system:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: AMD Phenom(tm) II X4 810 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 5887 Mb
Graphics Card: ATI Radeon HD 5450, 512 Mb
Hard Drives: C: Total - 936359 MB, Free - 864025 MB; E: Total - 152617 MB, Free - 21034 MB;
Motherboard: Gateway, RS780
Antivirus: Microsoft Security Essentials, Updated and Enabled

---------------------------------------------------------------------------------------------------------

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload the Attach.txt file as an attachment. There is no need to zip it as suggested in the DDS instructions.

-------------------------------------------------------------------------------------------------------------

1) HijackThis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:09 PM, on 8/12/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...9u985408l17472
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3198785
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...9u985408l17472
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={72A4EB45-B58E-11E1-BB3F-90FBA6492CD1}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
R3 - URLSearchHook: WhiteSmoke US Toolbar - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
O1 - Hosts: 216.239.32.20 www.google.de # bck9
O1 - Hosts: 216.239.32.20 www.google.dk # bck9
O1 - Hosts: 216.239.32.20 www.google.es # bck9
O1 - Hosts: 216.239.32.20 www.google.fi # bck9
O1 - Hosts: 216.239.32.20 www.google.fr # bck9
O1 - Hosts: 216.239.32.20 www.google.it # bck9
O1 - Hosts: 216.239.32.20 www.google.lt # bck9
O1 - Hosts: 216.239.32.20 www.google.lv # bck9
O1 - Hosts: 216.239.32.20 www.google.nl # bck9
O1 - Hosts: 216.239.32.20 www.google.pl # bck9
O1 - Hosts: 216.239.32.20 www.google.pt # bck9
O1 - Hosts: 216.239.32.20 www.google.ro # bck9
O1 - Hosts: 216.239.32.20 www.google.ru # bck9
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InternetHelper - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: WhiteSmoke US - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
O3 - Toolbar: WhiteSmoke US Toolbar - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HPMSSConnectorService (HPMSSConnectorSvc) - HP - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: MediaCollectorService - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16324 bytes


--------------------------------------------
2. Copy and paste the contents of the DDS.txt file


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Gateway at 18:04:33 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.2674 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Gateway\Gateway Updater\alu.exe
C:\Windows\system32\taskhost.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={72A4EB45-B58E-11E1-BB3F-90FBA6492CD1}
uURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
mURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
mWinlogon: Userinit=userinit.exe
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AD811550-F883-428A-A036-A346B5E500A4} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
BHO-X64: CrossriderApp0003491 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64: DefaultTabBHO - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
BHO-X64: InternetHelper - No File
BHO-X64: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO-X64: WhiteSmoke US - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
TB-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Hosts: 216.239.32.20 www.google.ae # bck9
Hosts: 216.239.32.20 www.google.at # bck9
Hosts: 216.239.32.20 www.google.be # bck9
Hosts: 216.239.32.20 www.google.ca # bck9
Hosts: 216.239.32.20 www.google.ch # bck9
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3237160&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Gateway\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\{9d0f7eb2-452d-4766-b535-8d23e36c300e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, eed588e4-6889-4bbe-98bc-a96b805bc761
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-22 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-8-1 107520]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 HPMSSConnectorSvc;HPMSSConnectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-5 20992]
R2 MediaCollectorService;MediaCollectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-5-18 563200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
.
=============== Created Last 30 ================
.
2012-08-13 01:03:57 388096 ----a-r- C:\Users\Gateway\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-13 01:03:56 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-13 00:33:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{237C8975-F16F-4925-9E3B-893291D738A2}\offreg.dll
2012-08-13 00:13:34 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{237C8975-F16F-4925-9E3B-893291D738A2}\mpengine.dll
2012-08-12 22:37:12 -------- d-----w- C:\Program Files (x86)\Windows Home Server
2012-08-12 22:37:10 -------- d-----w- C:\Program Files\Windows Home Server
2012-08-12 20:58:35 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-05 04:52:40 -------- d-----w- C:\Users\Gateway\AppData\Roaming\.minecraft
2012-08-01 23:49:39 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-08-01 23:49:39 525576 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-01 23:48:48 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_US
2012-08-01 23:48:40 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-08-01 23:48:38 -------- d-----w- C:\Users\Gateway\AppData\Local\The Weather Channel
2012-08-01 23:48:34 -------- d-----w- C:\Users\Gateway\AppData\Local\Vid-Saver
2012-08-01 23:48:30 -------- d-----w- C:\Program Files (x86)\Vid-Saver
2012-08-01 23:47:00 -------- d-----w- C:\Users\Gateway\AppData\Roaming\.techniclauncher
2012-08-01 23:45:33 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-08-01 23:45:31 -------- d-----w- C:\ProgramData\Tarma Installer
2012-08-01 23:45:28 -------- d-----w- C:\Users\Gateway\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-08-01 23:45:27 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-08-01 23:45:17 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-01 23:45:15 -------- d-----w- C:\Users\Gateway\AppData\Local\Conduit
2012-08-01 23:45:14 -------- d-----w- C:\Program Files (x86)\InternetHelper
2012-08-01 23:45:04 -------- d-----w- C:\Users\Gateway\AppData\Local\CRE
2012-08-01 23:44:56 -------- d-----w- C:\Users\Gateway\AppData\Roaming\Free Download Manager
2012-08-01 23:44:52 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2012-08-01 23:40:55 -------- d-----w- C:\Program Files (x86)\DefaultTab
2012-08-01 23:40:48 -------- d-----w- C:\Users\Gateway\AppData\Roaming\DefaultTab
2012-08-01 23:40:44 -------- d-----w- C:\ProgramData\W3i
2012-08-01 23:40:44 -------- d-----w- C:\Program Files (x86)\W3i
2012-08-01 23:40:27 -------- d-----w- C:\ProgramData\WeCareReminder
2012-07-27 21:27:43 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-26 21:28:10 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-26 21:27:58 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-26 16:25:18 -------- d-----w- C:\Program Files (x86)\Aeria Games
2012-07-22 17:48:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-07-22 17:48:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-07-22 17:48:04 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-07-22 17:48:04 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2012-07-22 17:48:04 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-07-22 17:48:04 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-07-22 17:48:03 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-07-22 17:48:03 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-07-22 17:48:02 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2012-07-22 17:48:02 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-07-22 17:48:00 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2012-07-22 17:48:00 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-07-22 17:47:59 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2012-07-22 17:47:59 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2012-07-22 17:22:27 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-07-22 17:22:24 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-07-22 16:48:12 -------- d-----w- C:\Users\Gateway\AppData\Roaming\WhatPulse
2012-07-22 16:48:11 -------- d-----w- C:\Program Files (x86)\WhatPulse
2012-07-21 01:45:44 -------- d-----w- C:\Users\Gateway\AppData\Local\Ubisoft Game Launcher
2012-07-21 01:42:26 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-21 01:42:24 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-21 01:39:59 469264 ----a-w- C:\Windows\System32\d3dx10.dll
2012-07-20 23:55:05 -------- d-----w- C:\Users\Gateway\AppData\Local\Macromedia
2012-07-20 23:47:48 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-07-20 23:47:46 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-20 23:46:09 -------- d-----w- C:\Users\Gateway\AppData\Local\Mozilla
2012-07-19 05:34:02 -------- d-----w- C:\Users\Gateway\AppData\Local\Aeria Games
2012-07-19 02:41:18 -------- d-----w- C:\Users\Gateway\AppData\Local\Microsoft Games
2012-07-19 02:15:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-19 02:05:14 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-19 02:05:02 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-19 02:04:53 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-17 04:30:58 -------- d-----w- C:\Windows Home Server Drivers for Restore
.
==================== Find3M ====================
.
2012-08-03 02:55:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:55:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 04:28:13 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:06:14.60 ===============

-----------------------------------------------------------------------------------------------------

3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions

see attached
DaveBurnett (Dave), Trusted Advisor
Join Date: Nov 2002
Location: Polesworth, UK
Experience: Advanced
16-Aug-2012, 03:23 AM #2
I can understand why it has taken a while for you to get a response. That is quite a lot of stuff there and not easy to unravel and not all of it good. Some of the things there I have never seen before so I would have to research.
Unfortunately I'm not qualified on this forum to help, as the malware people all do special courses as a lot of the advice can be dangerous to your machine.
I do think someone has looked at it but possibly been overwhelmed by later posts.
Now I have replied it will go back to the top. If it drops to below page two without a response, politely add a "bump" post.
bsacco, THREAD STARTER
Join Date: Jun 2003
16-Aug-2012, 06:27 AM #3
Hi Dave
Thanks for the advice.

Can you tell me what a bump post is and the best way to do it?
DaveBurnett (Dave), Trusted Advisor
Join Date: Nov 2002
Location: Polesworth, UK
Experience: Advanced
16-Aug-2012, 06:39 AM #4
It is just a reply to your post. Whenever someone replies, it takes the time from the reply when showing posts in "newest first" sequence. But don't abuse it or a moderator will jump in and kill it.
bsacco, THREAD STARTER
Join Date: Jun 2003
16-Aug-2012, 11:41 AM #5
Hi, this is a polite "bump" as it's been several days and a PayPal donation. Still awaiting some TSG help.

thanks in advance.

Bob
bsacco, THREAD STARTER
Join Date: Jun 2003
16-Aug-2012, 04:16 PM #6
Can someone recommend ComboFix.exe? Just want to know if it's safe before I run it.
bsacco, THREAD STARTER
Join Date: Jun 2003
16-Aug-2012, 07:11 PM #7
OK, well, no response here on TSG so I went ahead and ran ComboFix. Below is the log file. Anyone want to take a shot at looking at it and tell me if any further action is needed?


ComboFix 12-08-16.01 - Gateway 08/16/2012 14:52:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3885 [GMT -7:00]
Running from: c:\users\Gateway\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Uninstall.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\users\Gateway\AppData\Local\Vid-Saver
c:\users\Gateway\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\bing.ico
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\google.ico
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\yahoo.ico
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
c:\users\Gateway\Desktop\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 22:02 . 2012-08-16 22:02 -------- d-----w- c:\users\Nico\AppData\Local\temp
2012-08-16 22:02 . 2012-08-16 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 18:57 . 2012-08-16 20:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-16 16:00 . 2012-08-16 16:00 -------- d-----w- c:\users\Public\OEM
2012-08-16 09:42 . 2012-08-16 09:42 -------- d-----w- C:\Windows Home Server Drivers for Restore
2012-08-15 18:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9686DDA-F6BC-4063-A9F4-33BA51601607}\mpengine.dll
2012-08-15 13:56 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 13:56 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 13:56 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:56 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 13:56 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 13:56 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:55 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 13:55 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 13:55 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 13:55 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 13:55 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:55 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 19:55 . 2012-08-14 19:55 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-14 16:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-13 16:56 . 2012-08-13 16:56 -------- d-----w- c:\users\Gateway\AppData\Local\LogMeIn Rescue Applet
2012-08-13 01:03 . 2012-08-13 01:03 388096 ----a-r- c:\users\Gateway\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-13 01:03 . 2012-08-13 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files (x86)\Windows Home Server
2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files\Windows Home Server
2012-08-05 04:52 . 2012-08-05 04:53 -------- d-----w- c:\users\Gateway\AppData\Roaming\.minecraft
2012-08-03 02:00 . 2012-08-03 04:34 -------- d-----w- c:\users\Nico\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-08-01 23:49 . 2012-08-01 23:49 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-01 23:49 . 2012-08-01 23:49 525576 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-01 23:49 . 2012-08-01 23:49 191240 ----a-w- c:\windows\system32\javaws.exe
2012-08-01 23:40 . 2012-08-01 23:41 -------- d-----w- c:\program files (x86)\DefaultTab
2012-08-01 23:40 . 2012-08-01 23:40 -------- d-----w- c:\program files (x86)\7-zip
2012-08-01 23:40 . 2012-08-16 22:00 -------- d-----w- c:\users\Gateway\AppData\Roaming\DefaultTab
2012-08-01 23:40 . 2012-08-13 07:23 -------- d-----w- c:\programdata\WeCareReminder
2012-07-31 22:55 . 2012-07-31 22:56 -------- d-----w- c:\users\Olivia
2012-07-27 21:27 . 2012-07-27 21:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-26 21:28 . 2012-07-26 21:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-26 21:27 . 2012-07-26 21:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-26 16:25 . 2012-07-26 16:25 -------- d-----w- c:\program files (x86)\Aeria Games
2012-07-23 16:43 . 2012-07-23 16:44 -------- d-----w- c:\users\Nico\AppData\Local\Ubisoft Game Launcher
2012-07-22 19:53 . 2012-07-22 19:59 -------- d-----w- c:\users\Nico\AppData\Roaming\WhatPulse
2012-07-22 17:48 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-07-22 17:48 . 2010-06-02 11:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-07-22 17:48 . 2010-06-02 11:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-07-22 17:48 . 2010-06-02 11:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-07-22 17:48 . 2010-05-26 18:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-22 17:47 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-07-22 17:47 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-07-22 16:54 . 2012-07-22 16:54 -------- d-----w- c:\windows\Sun
2012-07-22 16:48 . 2012-07-22 16:55 -------- d-----w- c:\users\Gateway\AppData\Roaming\WhatPulse
2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\program files (x86)\WhatPulse
2012-07-21 01:45 . 2012-07-21 01:48 -------- d-----w- c:\users\Gateway\AppData\Local\Ubisoft Game Launcher
2012-07-21 01:45 . 2012-07-21 01:45 -------- d-----w- c:\programdata\Ubisoft
2012-07-21 01:42 . 2012-07-21 01:42 -------- d-----w- c:\program files (x86)\Ubisoft
2012-07-21 01:42 . 2012-07-21 01:42 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-21 01:42 . 2012-07-21 01:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-21 01:39 . 2006-11-29 20:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
2012-07-20 23:55 . 2012-07-20 23:55 -------- d-----w- c:\users\Gateway\AppData\Local\Macromedia
2012-07-20 23:47 . 2012-08-02 20:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-20 23:47 . 2012-08-16 22:04 -------- d-----w- c:\program files (x86)\Steam
2012-07-20 23:46 . 2012-07-20 23:46 -------- d-----w- c:\users\Gateway\AppData\Local\Mozilla
2012-07-19 05:34 . 2012-07-19 05:34 -------- d-----w- c:\users\Gateway\AppData\Local\Aeria Games
2012-07-19 02:41 . 2012-07-19 02:41 -------- d-----w- c:\users\Gateway\AppData\Local\Microsoft Games
2012-07-19 02:15 . 2012-07-19 02:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-19 02:05 . 2012-07-19 02:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-19 02:05 . 2012-07-19 02:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-19 02:04 . 2012-07-19 02:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-19 01:42 . 2012-07-19 01:42 -------- d-----w- c:\users\Guest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 19:55 . 2012-05-05 22:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 19:55 . 2012-05-05 22:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46 . 2012-04-19 04:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 04:28 . 2012-06-13 04:28 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-09 05:30 . 2012-07-11 21:36 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:50 . 2012-07-11 21:36 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:50 . 2012-07-11 21:36 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 21:36 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 21:36 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-21 17:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 17:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 17:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:38 . 2012-07-11 21:36 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 21:36 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 21:36 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 21:36 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 21:36 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 21:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 21:36 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 21:36 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 21:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d0f7eb2-452d-4766-b535-8d23e36c300e}"= "c:\program files (x86)\InternetHelper\prxtbInte.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9d0f7eb2-452d-4766-b535-8d23e36c300e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9d0f7eb2-452d-4766-b535-8d23e36c300e}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\InternetHelper\prxtbInte.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9d0f7eb2-452d-4766-b535-8d23e36c300e}"= "c:\program files (x86)\InternetHelper\prxtbInte.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9d0f7eb2-452d-4766-b535-8d23e36c300e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-02 5661056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-8-12 666992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-06-22 714752]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PCDSRVC{FCB8192B-340B18D0-06020101}_0;PCDSRVC{FCB8192B-340B18D0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-07-03 452128]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-02-13 108304]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2012-02-13 2122000]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-15 393216]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 19:55]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000Core.job
- c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000UA.job
- c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
.
2012-08-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1d0b0e93-2507-453c-bfa8-379645e4128e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20b8a137-78c3-402f-bf94-8f372a6a81ae.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
"combofix"="c:\combofix\CF24806.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3237160&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
Toolbar-Locked - (no file)
AddRemove-DefaultTab - c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{FCB8192B-340B18D0-06020101}_0]
"ImagePath"="\??\c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-08-16 15:20:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 22:20
.
Pre-Run: 846,051,241,984 bytes free
Post-Run: 845,913,120,768 bytes free
.
- - End Of File - - 0FC5F8F8659F7E2DF00761AECD76B73D
jeffce (Jeff), authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
16-Aug-2012, 10:31 PM #8
Hi,

Sorry for any delay but as you can see we are very busy here.

Please download aswMBR to your desktop.
  • Right-click the aswMBR icon and select Run as Administrator to run it.
  • Click the Scan button to start the scan.
  • If asked whether you would like to update the Avast virus database please do.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------
bsacco
Member with 546 posts.
THREAD STARTER
 
Join Date: Jun 2003
17-Aug-2012, 12:16 AM #9
OK, thanks for the reply Jeff.

Here is the scan you requested.

Quick question... I'm running Microsoft Essentials, SuperAntiSpyware, and Malwarebytes manually. Should I install Avast- full version?


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 20:48:46
-----------------------------
20:48:46.230 OS Version: Windows x64 6.1.7600
20:48:46.230 Number of processors: 4 586 0x402
20:48:46.231 ComputerName: GATEWAY-PC UserName: Gateway
20:48:47.698 Initialize success
20:50:48.778 AVAST engine defs: 12081601
20:51:19.008 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:51:19.013 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
20:51:19.019 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
20:51:19.024 Disk 1 Vendor: MAXTOR_STM3160815AS 3.AAD Size: 152627MB BusType: 3
20:51:19.047 Disk 0 MBR read successfully
20:51:19.050 Disk 0 MBR scan
20:51:19.138 Disk 0 unknown MBR code
20:51:19.140 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
20:51:19.182 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
20:51:19.208 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432
20:51:19.260 Disk 0 scanning C:\Windows\system32\drivers
20:51:30.527 Service scanning
20:51:57.006 Modules scanning
20:51:57.028 Disk 0 trace - called modules:
20:51:57.057 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:51:57.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006249790]
20:51:57.068 3 CLASSPNP.SYS[fffff880018b143f] -> nt!IofCallDriver -> [0xfffffa8005cb08d0]
20:51:57.073 5 ACPI.sys[fffff88000e9c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061b3060]
20:51:58.445 AVAST engine scan C:\Windows
20:52:02.383 AVAST engine scan C:\Windows\system32
20:55:45.558 AVAST engine scan C:\Windows\system32\drivers
20:56:01.224 AVAST engine scan C:\Users\Gateway
21:04:00.626 AVAST engine scan C:\ProgramData
21:05:11.462 Scan finished successfully
21:13:54.762 Disk 0 MBR has been saved successfully to "C:\Users\Gateway\Desktop\MBR.dat"
21:13:54.836 The log file has been saved successfully to "C:\Users\Gateway\Desktop\aswMBR.txt"
jeffce (Jeff), authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
17-Aug-2012, 09:51 AM #10
Hi,

Quote:
Should I install Avast- full version?
No let's hold off on that for a bit.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
    Quote:

    ClearJavaCache::

    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={72A4EB45-B58E-11E1-BB3F-90FBA6492CD1}
    uURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    mURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    BHO-X64: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO-X64: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    BHO-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    BHO-X64: WhiteSmoke US - No File
    BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB-X64: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    TB-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun-x64: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

    Firefox::
    FF - ProfilePath - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3237160&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    Folder::
    C:\Program Files (x86)\SweetIM
    C:\Program Files (x86)\WhiteSmoke_US
    C:\Program Files (x86)\Conduit
    C:\Users\Gateway\AppData\Local\Conduit
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
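The CFScript above was assembled by hand from the DDS log lines. As an added example (not part of this thread, and not ComboFix or DDS code), the following Python script parses lines in that DDS format and flags the same signals the helper keyed on: start page and Firefox search URLs pointing at hosts the owner never chose, one CLSID registered as URL search hook, BHO and toolbar at once, "No File" orphans, and autoruns living in the same vendor folders (which yields the candidate Folder:: list). The sample lines are constructed to mirror the script above and the EXPECTED_HOSTS allowlist is an assumption for this machine.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample in the DDS line format of the CFScript above (not a real log dump).
SAMPLE_DDS = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={72A4EB45-B58E-11E1-BB3F-90FBA6492CD1}
uURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
BHO: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
TB: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
TB-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO-X64: WhiteSmoke US - No File
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3237160&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://homepage.gateway.com/rdr.aspx?b=ACGW
"""

# Assumption: hosts the owner would legitimately have as start page or search provider.
EXPECTED_HOSTS = {"homepage.gateway.com", "www.google.com", "www.bing.com"}

# DDS line shapes: load points keyed by CLSID, orphaned entries, URL settings, autoruns.
LOADPOINT_RE = re.compile(r"^(?P<kind>[um]?URLSearchHooks|BHO|TB)(?:-[Xx]64)?: (?P<name>.+?): "
                          r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB)(?:-[Xx]64)?: (?P<name>.+?) - No File$")
URL_RE = re.compile(r"^(?P<key>[um]Start Page|FF - prefs\.js: [\w.]+) [-=] (?P<url>hxxps?://\S+)$")
RUN_RE = re.compile(r"^(?P<key>[um]Run)(?:-[Xx]64)?: \[(?P<name>[^\]]+)\] (?P<path>.+)$")
# First folder under Program Files or a per-user AppData hive: the vendor directory.
VENDOR_RE = re.compile(r"\\(?:Program Files(?: \(x86\))?|AppData\\(?:Roaming|Local))\\([^\\]+)", re.I)


def vendor_dir(path):
    """Return the vendor folder a load point lives in, or None for system paths."""
    m = VENDOR_RE.search(path)
    return m.group(1) if m else None


def url_host(defanged_url):
    """DDS defangs URLs as hxxp://; restore the scheme so urlparse can pull the host."""
    return (urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or "").lower()


@dataclass
class LoadPoint:
    name: str
    path: str
    kinds: set = field(default_factory=set)   # URLSearchHooks / BHO / TB


@dataclass
class Report:
    suspect_urls: list = field(default_factory=list)   # (setting, host, url)
    loadpoints: dict = field(default_factory=dict)     # clsid -> LoadPoint
    orphans: list = field(default_factory=list)        # (kind, name)
    autoruns: list = field(default_factory=list)       # (name, path)

    def hooked_search_clsids(self):
        """CLSIDs that are a URL search hook AND a BHO/toolbar: the search-takeover shape."""
        return sorted(c for c, lp in self.loadpoints.items()
                      if "URLSearchHooks" in lp.kinds and len(lp.kinds) > 1)

    def vendor_dirs(self):
        """Vendor folders behind every flagged load point and autorun (Folder:: candidates)."""
        paths = [lp.path for lp in self.loadpoints.values()] + [p for _, p in self.autoruns]
        return sorted({d for d in map(vendor_dir, paths) if d})


def analyze_dds(text):
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := URL_RE.match(line)):
            host = url_host(m["url"])
            if host not in EXPECTED_HOSTS:
                rep.suspect_urls.append((m["key"], host, m["url"]))
        elif (m := LOADPOINT_RE.match(line)):
            lp = rep.loadpoints.setdefault(m["clsid"].lower(), LoadPoint(m["name"], m["path"]))
            lp.kinds.add(m["kind"].lstrip("um"))   # uURLSearchHooks/mURLSearchHooks -> URLSearchHooks
        elif (m := ORPHAN_RE.match(line)):
            rep.orphans.append((m["kind"], m["name"]))
        elif (m := RUN_RE.match(line)):
            rep.autoruns.append((m["name"], m["path"]))
    return rep


if __name__ == "__main__":
    rep = analyze_dds(SAMPLE_DDS)
    for key, host, _ in rep.suspect_urls:
        print(f"[search/start page redirected] {key} -> {host}")
    for clsid in rep.hooked_search_clsids():
        lp = rep.loadpoints[clsid]
        print(f"[hook+BHO+toolbar] {lp.name} {{{clsid}}} kinds={sorted(lp.kinds)} file={lp.path}")
    for kind, name in rep.orphans:
        print(f"[orphan {kind}] {name} (registry entry with no file)")
    print("Folder:: candidates:", ", ".join(rep.vendor_dirs()))
```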
bsacco
Member with 546 posts.
THREAD STARTER
 
Join Date: Jun 2003
17-Aug-2012, 01:46 PM #11
Hi Jeff-

Here is the log you requested:


ComboFix 12-08-17.03 - Gateway 08/17/2012 10:09:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4487 [GMT -7:00]
Running from: c:\users\Gateway\Desktop\ComboFix.exe
Command switches used :: c:\users\Gateway\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\InternetHelper\prxtbInte.dll
c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
c:\users\Gateway\AppData\Local\Conduit
c:\users\Gateway\AppData\Local\Conduit\CT3237160\InternetHelperAutoUpdateHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 17:17 . 2012-08-17 17:17 -------- d-----w- c:\users\Nico\AppData\Local\temp
2012-08-17 17:17 . 2012-08-17 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 13:01 . 2012-08-17 13:01 -------- d-----w- c:\users\Gateway\AppData\Roaming\Canneverbe Limited
2012-08-17 13:01 . 2012-08-17 13:01 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-17 13:01 . 2012-08-17 13:01 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-08-16 22:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D89F875D-961D-4462-BD41-B447C271A766}\mpengine.dll
2012-08-16 18:57 . 2012-08-16 20:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-16 16:00 . 2012-08-16 16:00 -------- d-----w- c:\users\Public\OEM
2012-08-15 18:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 13:56 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 13:56 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 13:56 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:56 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 13:56 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 13:56 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:55 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 13:55 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 13:55 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 13:55 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 13:55 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:55 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 19:55 . 2012-08-14 19:55 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-13 16:56 . 2012-08-13 16:56 -------- d-----w- c:\users\Gateway\AppData\Local\LogMeIn Rescue Applet
2012-08-13 01:03 . 2012-08-13 01:03 388096 ----a-r- c:\users\Gateway\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-13 01:03 . 2012-08-13 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files (x86)\Windows Home Server
2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files\Windows Home Server
2012-08-05 04:52 . 2012-08-05 04:53 -------- d-----w- c:\users\Gateway\AppData\Roaming\.minecraft
2012-08-03 02:00 . 2012-08-03 04:34 -------- d-----w- c:\users\Nico\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-08-01 23:49 . 2012-08-01 23:49 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-01 23:40 . 2012-08-01 23:41 -------- d-----w- c:\program files (x86)\DefaultTab
2012-08-01 23:40 . 2012-08-01 23:40 -------- d-----w- c:\program files (x86)\7-zip
2012-08-01 23:40 . 2012-08-16 22:00 -------- d-----w- c:\users\Gateway\AppData\Roaming\DefaultTab
2012-08-01 23:40 . 2012-08-13 07:23 -------- d-----w- c:\programdata\WeCareReminder
2012-07-31 22:55 . 2012-07-31 22:56 -------- d-----w- c:\users\Olivia
2012-07-27 21:27 . 2012-07-27 21:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-26 21:28 . 2012-07-26 21:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-26 21:27 . 2012-07-26 21:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-26 16:25 . 2012-07-26 16:25 -------- d-----w- c:\program files (x86)\Aeria Games
2012-07-23 16:43 . 2012-07-23 16:44 -------- d-----w- c:\users\Nico\AppData\Local\Ubisoft Game Launcher
2012-07-22 19:53 . 2012-07-22 19:59 -------- d-----w- c:\users\Nico\AppData\Roaming\WhatPulse
2012-07-22 17:48 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-07-22 17:48 . 2010-06-02 11:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-07-22 17:48 . 2010-06-02 11:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-07-22 17:48 . 2010-06-02 11:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-07-22 17:48 . 2010-05-26 18:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-07-22 17:48 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-22 17:47 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-07-22 17:47 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-07-22 16:54 . 2012-07-22 16:54 -------- d-----w- c:\windows\Sun
2012-07-22 16:48 . 2012-07-22 16:55 -------- d-----w- c:\users\Gateway\AppData\Roaming\WhatPulse
2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\program files (x86)\WhatPulse
2012-07-21 01:45 . 2012-07-21 01:48 -------- d-----w- c:\users\Gateway\AppData\Local\Ubisoft Game Launcher
2012-07-21 01:45 . 2012-07-21 01:45 -------- d-----w- c:\programdata\Ubisoft
2012-07-21 01:42 . 2012-07-21 01:42 -------- d-----w- c:\program files (x86)\Ubisoft
2012-07-21 01:42 . 2012-07-21 01:42 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-21 01:42 . 2012-07-21 01:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-21 01:39 . 2006-11-29 20:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
2012-07-20 23:55 . 2012-07-20 23:55 -------- d-----w- c:\users\Gateway\AppData\Local\Macromedia
2012-07-20 23:47 . 2012-08-02 20:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-20 23:47 . 2012-08-17 17:24 -------- d-----w- c:\program files (x86)\Steam
2012-07-20 23:46 . 2012-07-20 23:46 -------- d-----w- c:\users\Gateway\AppData\Local\Mozilla
2012-07-19 05:34 . 2012-07-19 05:34 -------- d-----w- c:\users\Gateway\AppData\Local\Aeria Games
2012-07-19 02:41 . 2012-07-19 02:41 -------- d-----w- c:\users\Gateway\AppData\Local\Microsoft Games
2012-07-19 02:15 . 2012-07-19 02:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-19 02:05 . 2012-07-19 02:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-19 02:05 . 2012-07-19 02:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-19 02:04 . 2012-07-19 02:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-19 01:42 . 2012-07-19 01:42 -------- d-----w- c:\users\Guest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 19:55 . 2012-05-05 22:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 19:55 . 2012-05-05 22:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46 . 2012-04-19 04:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 04:28 . 2012-06-13 04:28 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-09 05:30 . 2012-07-11 21:36 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:50 . 2012-07-11 21:36 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:50 . 2012-07-11 21:36 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 21:36 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 21:36 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-21 17:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 17:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 17:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:38 . 2012-07-11 21:36 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 21:36 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 21:36 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 21:36 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 21:36 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 21:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 21:36 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 21:36 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 21:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-16_22.05.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-16 22:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-16 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-16 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 22:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-16 21:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 22:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-08-16 22:49 32716 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-04-19 02:37 . 2012-08-16 22:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-19 02:37 . 2012-08-17 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-09 18:19 . 2012-08-17 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-09 18:19 . 2012-08-16 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-17 17:19 . 2012-08-17 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-16 22:04 . 2012-08-16 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-16 22:04 . 2012-08-16 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-17 17:19 . 2012-08-17 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 22:58 . 2012-08-16 22:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-09 17:44 . 2012-08-17 12:11 337246 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2012-08-16 22:03 309324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-17 17:17 309324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-20 05:05 . 2012-08-16 22:03 1538924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-906736673-1750738731-1279657910-1000-8192.dat
+ 2012-04-20 05:05 . 2012-08-17 17:18 1538924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-906736673-1750738731-1279657910-1000-8192.dat
+ 2009-07-14 02:34 . 2012-08-17 05:22 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-16 21:59 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-02 5661056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-8-12 666992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-06-22 714752]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PCDSRVC{FCB8192B-340B18D0-06020101}_0;PCDSRVC{FCB8192B-340B18D0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-07-03 452128]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-02-13 108304]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2012-02-13 2122000]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-15 393216]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 19:55]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000Core.job
- c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000UA.job
- c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
.
2012-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1d0b0e93-2507-453c-bfa8-379645e4128e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20b8a137-78c3-402f-bf94-8f372a6a81ae.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{FCB8192B-340B18D0-06020101}_0]
"ImagePath"="\??\c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-08-17 10:38:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 17:37
ComboFix2.txt 2012-08-16 22:21
.
Pre-Run: 802,051,375,104 bytes free
Post-Run: 804,301,828,096 bytes free
.
- - End Of File - - 5506DA370DC82E5D333423055059E18D
jeffce (Jeff), Malware Removal Specialist with 1,727 posts. Authorized to help remove malware.
 
Join Date: May 2011
17-Aug-2012, 02:14 PM #12
Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
  • Copy and paste/or attach that log as a reply to this topic
**Note** If no threats are found there will not be a log created.
----------
bsacco
Member with 546 posts.
THREAD STARTER
 
Join Date: Jun 2003
19-Aug-2012, 12:32 AM #13
Hi Jeff-

Sorry for the delay, just got back in town...


here is the Malwarebytes log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gateway :: GATEWAY-PC [administrator]

8/17/2012 11:55:20 AM
mbam-log-2012-08-17 (13-00-18).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 555972
Time elapsed: 1 hour(s), 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Program Files (x86)\Vid-Saver\Uninstall.exe.vir (Adware.GamePlayLabs) -> No action taken.

(end)

--------------------------------------------------
ESET log file



E:\Documents and Settings\Heather.DELLXPS400TOWER\Desktop\SA.exe multiple threats
bsacco
Member with 546 posts.
THREAD STARTER
 
Join Date: Jun 2003
19-Aug-2012, 10:49 AM #14
Hi Jeff,

Also just ran a SuperAntiSpyware scan and found a trojan called:

Trojan.Agent/Gen-FakeDoc
jeffce (Jeff), Malware Removal Specialist with 1,727 posts. Authorized to help remove malware.
 
Join Date: May 2011
19-Aug-2012, 11:08 AM #15
Hi,

Run Malwarebytes again and be sure to remove anything found.
-------

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there are more than one)
Code:
del "E:\Documents and Settings\Heather.DELLXPS400TOWER\Desktop\SA.exe"
Close the Command Prompt box.
--------

In your next reply please post the new Malwarebytes log and let me know how your system is running.