
found virus - takeover of search engine

Discussion in 'Virus & Other Malware Removal' started by bsacco, Aug 13, 2012.

    bsacco (Thread Starter), joined Jun 11, 2003, 559 messages
    Problem:

    My 13-year-old son is a beginning gamer and has downloaded all kinds of trojans, viruses and takeover software onto my PC.

    I'm attempting to clean it all up using TSG.

    Below is the info you requested.

    thanks,
    bob

    here's my system:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: AMD Phenom(tm) II X4 810 Processor, AMD64 Family 16 Model 4 Stepping 2
    Processor Count: 4
    RAM: 5887 Mb
    Graphics Card: ATI Radeon HD 5450, 512 Mb
    Hard Drives: C: Total - 936359 MB, Free - 864025 MB; E: Total - 152617 MB, Free - 21034 MB;
    Motherboard: Gateway, RS780
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    ---------------------------------------------------------------------------------------------------------

    1. Copy and paste the HijackThis log.
    2. Copy and paste the contents of the DDS.txt file.
    3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions.

    -------------------------------------------------------------------------------------------------------------

    1) HijackThis log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:18:09 PM, on 8/12/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\WhatPulse\WhatPulse.exe
    C:\Program Files (x86)\Free Download Manager\fdm.exe
    C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={72A4EB45-B58E-11E1-BB3F-90FBA6492CD1}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    R3 - URLSearchHook: WhiteSmoke US Toolbar - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
    O1 - Hosts: 216.239.32.20 www.google.de # bck9
    O1 - Hosts: 216.239.32.20 www.google.dk # bck9
    O1 - Hosts: 216.239.32.20 www.google.es # bck9
    O1 - Hosts: 216.239.32.20 www.google.fi # bck9
    O1 - Hosts: 216.239.32.20 www.google.fr # bck9
    O1 - Hosts: 216.239.32.20 www.google.it # bck9
    O1 - Hosts: 216.239.32.20 www.google.lt # bck9
    O1 - Hosts: 216.239.32.20 www.google.lv # bck9
    O1 - Hosts: 216.239.32.20 www.google.nl # bck9
    O1 - Hosts: 216.239.32.20 www.google.pl # bck9
    O1 - Hosts: 216.239.32.20 www.google.pt # bck9
    O1 - Hosts: 216.239.32.20 www.google.ro # bck9
    O1 - Hosts: 216.239.32.20 www.google.ru # bck9
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: InternetHelper - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    O2 - BHO: WhiteSmoke US - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    O3 - Toolbar: WhiteSmoke US Toolbar - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    O4 - Global Startup: Windows Home Server.lnk = ?
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: HPMSSConnectorService (HPMSSConnectorSvc) - HP - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
    O23 - Service: MediaCollectorService - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16324 bytes


    --------------------------------------------
    2. Copy and paste the contents of the DDS.txt file


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Gateway at 18:04:33 on 2012-08-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.2674 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k yksvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Program Files\Windows Home Server\esClient.exe
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\WhatPulse\WhatPulse.exe
    C:\Program Files (x86)\Free Download Manager\fdm.exe
    C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    C:\Program Files\Windows Home Server\WHSTrayApp.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files\Windows Home Server\WHSConnector.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Gateway\Gateway Updater\alu.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={72A4EB45-B58E-11E1-BB3F-90FBA6492CD1}
    uURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    mURLSearchHooks: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Google Update] "C:\Users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
    uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
    uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AD811550-F883-428A-A036-A346B5E500A4} : DhcpNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO-X64: CrossriderApp0003491 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO-X64: DefaultTabBHO - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    BHO-X64: InternetHelper - No File
    BHO-X64: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    BHO-X64: WhiteSmoke US - No File
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO-X64: SWEETIE - No File
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB-X64: InternetHelper Toolbar: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll
    TB-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun-x64: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    Hosts: 216.239.32.20 www.google.ae # bck9
    Hosts: 216.239.32.20 www.google.at # bck9
    Hosts: 216.239.32.20 www.google.be # bck9
    Hosts: 216.239.32.20 www.google.ca # bck9
    Hosts: 216.239.32.20 www.google.ch # bck9
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3237160&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Gateway\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\{9d0f7eb2-452d-4766-b535-8d23e36c300e}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, eed588e4-6889-4bbe-98bc-a96b805bc761
    FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
    .
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-22 8704]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
    R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-8-1 107520]
    R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R2 HPMSSConnectorSvc;HPMSSConnectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-5 20992]
    R2 MediaCollectorService;MediaCollectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-5 81920]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-5-18 563200]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
    S3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
    S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-13 01:03:57 388096 ----a-r- C:\Users\Gateway\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-13 01:03:56 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-08-13 00:33:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{237C8975-F16F-4925-9E3B-893291D738A2}\offreg.dll
    2012-08-13 00:13:34 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{237C8975-F16F-4925-9E3B-893291D738A2}\mpengine.dll
    2012-08-12 22:37:12 -------- d-----w- C:\Program Files (x86)\Windows Home Server
    2012-08-12 22:37:10 -------- d-----w- C:\Program Files\Windows Home Server
    2012-08-12 20:58:35 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-05 04:52:40 -------- d-----w- C:\Users\Gateway\AppData\Roaming\.minecraft
    2012-08-01 23:49:39 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-08-01 23:49:39 525576 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-08-01 23:48:48 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_US
    2012-08-01 23:48:40 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
    2012-08-01 23:48:38 -------- d-----w- C:\Users\Gateway\AppData\Local\The Weather Channel
    2012-08-01 23:48:34 -------- d-----w- C:\Users\Gateway\AppData\Local\Vid-Saver
    2012-08-01 23:48:30 -------- d-----w- C:\Program Files (x86)\Vid-Saver
    2012-08-01 23:47:00 -------- d-----w- C:\Users\Gateway\AppData\Roaming\.techniclauncher
    2012-08-01 23:45:33 -------- d-----w- C:\Program Files (x86)\Yontoo
    2012-08-01 23:45:31 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-08-01 23:45:28 -------- d-----w- C:\Users\Gateway\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-08-01 23:45:27 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
    2012-08-01 23:45:17 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-08-01 23:45:15 -------- d-----w- C:\Users\Gateway\AppData\Local\Conduit
    2012-08-01 23:45:14 -------- d-----w- C:\Program Files (x86)\InternetHelper
    2012-08-01 23:45:04 -------- d-----w- C:\Users\Gateway\AppData\Local\CRE
    2012-08-01 23:44:56 -------- d-----w- C:\Users\Gateway\AppData\Roaming\Free Download Manager
    2012-08-01 23:44:52 -------- d-----w- C:\Program Files (x86)\Free Download Manager
    2012-08-01 23:40:55 -------- d-----w- C:\Program Files (x86)\DefaultTab
    2012-08-01 23:40:48 -------- d-----w- C:\Users\Gateway\AppData\Roaming\DefaultTab
    2012-08-01 23:40:44 -------- d-----w- C:\ProgramData\W3i
    2012-08-01 23:40:44 -------- d-----w- C:\Program Files (x86)\W3i
    2012-08-01 23:40:27 -------- d-----w- C:\ProgramData\WeCareReminder
    2012-07-27 21:27:43 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-26 21:28:10 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-26 21:27:58 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-07-26 16:25:18 -------- d-----w- C:\Program Files (x86)\Aeria Games
    2012-07-22 17:48:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2012-07-22 17:48:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2012-07-22 17:48:04 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2012-07-22 17:48:04 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
    2012-07-22 17:48:04 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
    2012-07-22 17:48:04 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2012-07-22 17:48:03 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2012-07-22 17:48:03 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2012-07-22 17:48:02 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
    2012-07-22 17:48:02 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
    2012-07-22 17:48:00 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
    2012-07-22 17:48:00 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2012-07-22 17:47:59 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
    2012-07-22 17:47:59 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
    2012-07-22 17:22:27 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-07-22 17:22:24 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
    2012-07-22 16:48:12 -------- d-----w- C:\Users\Gateway\AppData\Roaming\WhatPulse
    2012-07-22 16:48:11 -------- d-----w- C:\Program Files (x86)\WhatPulse
    2012-07-21 01:45:44 -------- d-----w- C:\Users\Gateway\AppData\Local\Ubisoft Game Launcher
    2012-07-21 01:42:26 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-21 01:42:24 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-07-21 01:39:59 469264 ----a-w- C:\Windows\System32\d3dx10.dll
    2012-07-20 23:55:05 -------- d-----w- C:\Users\Gateway\AppData\Local\Macromedia
    2012-07-20 23:47:48 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-07-20 23:47:46 -------- d-----w- C:\Program Files (x86)\Steam
    2012-07-20 23:46:09 -------- d-----w- C:\Users\Gateway\AppData\Local\Mozilla
    2012-07-19 05:34:02 -------- d-----w- C:\Users\Gateway\AppData\Local\Aeria Games
    2012-07-19 02:41:18 -------- d-----w- C:\Users\Gateway\AppData\Local\Microsoft Games
    2012-07-19 02:15:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-19 02:05:14 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-07-19 02:05:02 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-07-19 02:04:53 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-17 04:30:58 -------- d-----w- C:\Windows Home Server Drivers for Restore
    .
    ==================== Find3M ====================
    .
    2012-08-03 02:55:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-03 02:55:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-13 04:28:13 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 18:06:14.60 ===============

    -----------------------------------------------------------------------------------------------------

    3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions

    see attached
     
  2. DaveBurnett

    DaveBurnett Dave Trusted Advisor

    Joined:
    Nov 11, 2002
    Messages:
    11,658
    I can understand why it has taken a while for you to get a response. That is quite a lot of stuff there and not easy to unravel and not all of it good. Some of the things there I have never seen before so I would have to research.
    Unfortunately I'm not qualified on this forum to help, as the malware people all do special courses as a lot of the advice can be dangerous to your machine.
    I do think someone has looked at it but possibly been overwhelmed by later posts.
    Now I have replied it will go back to the top. If it drops to below page two without a response, politely add a "bump" post.
     
  3. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    Hi Dave
    Thanks for the advice.

    Can you tell me what a bump post is and the best way to do it?
     
  4. DaveBurnett

    DaveBurnett Dave Trusted Advisor

    Joined:
    Nov 11, 2002
    Messages:
    11,658
    It is just a reply to your post. Whenever someone replies, it takes the time from the reply when showing posts in "newest first" sequence. But don't abuse it or a moderator will jump in and kill it.
     
  5. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    Hi, this is a polite "bump", as it's been several days and a PayPal donation. Still awaiting some TSG help.

    thanks in advance.

    Bob
     
  6. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    Can someone recommend ComboFix.exe? Just want to know if it's safe before I run it.
     
  7. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    OK, well, no response here on TSG, so I went ahead and ran ComboFix. Below is the log file. Anyone want to take a shot at looking at it and telling me if any further action is needed?


    ComboFix 12-08-16.01 - Gateway 08/16/2012 14:52:54.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3885 [GMT -7:00]
    Running from: c:\users\Gateway\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Vid-Saver
    c:\program files (x86)\Vid-Saver\Uninstall.exe
    c:\program files (x86)\Vid-Saver\Vid-Saver.exe
    c:\program files (x86)\Vid-Saver\Vid-Saver.ico
    c:\program files (x86)\Vid-Saver\Vid-Saver.ini
    c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
    c:\users\Gateway\AppData\Local\Vid-Saver
    c:\users\Gateway\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\bing.ico
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\google.ico
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\yahoo.ico
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome.manifest
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\background.html
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\browser.xul
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\crossrider.js
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\crossriderapi.js
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\dialog.js
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\options.js
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\options.xul
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\search_dialog.xul
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\chrome\content\update.html
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\defaults\preferences\prefs.js
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\install.rdf
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\locale\en-US\translations.dtd
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\button1.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\button2.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\button3.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\button4.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\button5.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\crossrider_statusbar.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\icon128.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\icon16.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\icon24.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\icon48.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\panelarrow-up.png
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\popup.css
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\popup.html
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\popup_binding.xml
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\skin.css
    c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\extensions\[email protected]\skin\update.css
    c:\users\Gateway\Desktop\Setup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 22:02 . 2012-08-16 22:02 -------- d-----w- c:\users\Nico\AppData\Local\temp
    2012-08-16 22:02 . 2012-08-16 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-16 18:57 . 2012-08-16 20:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-08-16 16:00 . 2012-08-16 16:00 -------- d-----w- c:\users\Public\OEM
    2012-08-16 09:42 . 2012-08-16 09:42 -------- d-----w- C:\Windows Home Server Drivers for Restore
    2012-08-15 18:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9686DDA-F6BC-4063-A9F4-33BA51601607}\mpengine.dll
    2012-08-15 13:56 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 13:56 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 13:56 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 13:56 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
    2012-08-15 13:56 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 13:56 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 13:55 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 13:55 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 13:55 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 13:55 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 13:55 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 13:55 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 19:55 . 2012-08-14 19:55 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-14 16:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-13 16:56 . 2012-08-13 16:56 -------- d-----w- c:\users\Gateway\AppData\Local\LogMeIn Rescue Applet
    2012-08-13 01:03 . 2012-08-13 01:03 388096 ----a-r- c:\users\Gateway\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-13 01:03 . 2012-08-13 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files (x86)\Windows Home Server
    2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files\Windows Home Server
    2012-08-05 04:52 . 2012-08-05 04:53 -------- d-----w- c:\users\Gateway\AppData\Roaming\.minecraft
    2012-08-03 02:00 . 2012-08-03 04:34 -------- d-----w- c:\users\Nico\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-08-01 23:49 . 2012-08-01 23:49 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-01 23:49 . 2012-08-01 23:49 525576 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-01 23:49 . 2012-08-01 23:49 191240 ----a-w- c:\windows\system32\javaws.exe
    2012-08-01 23:40 . 2012-08-01 23:41 -------- d-----w- c:\program files (x86)\DefaultTab
    2012-08-01 23:40 . 2012-08-01 23:40 -------- d-----w- c:\program files (x86)\7-zip
    2012-08-01 23:40 . 2012-08-16 22:00 -------- d-----w- c:\users\Gateway\AppData\Roaming\DefaultTab
    2012-08-01 23:40 . 2012-08-13 07:23 -------- d-----w- c:\programdata\WeCareReminder
    2012-07-31 22:55 . 2012-07-31 22:56 -------- d-----w- c:\users\Olivia
    2012-07-27 21:27 . 2012-07-27 21:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-26 21:28 . 2012-07-26 21:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-26 21:27 . 2012-07-26 21:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-07-26 16:25 . 2012-07-26 16:25 -------- d-----w- c:\program files (x86)\Aeria Games
    2012-07-23 16:43 . 2012-07-23 16:44 -------- d-----w- c:\users\Nico\AppData\Local\Ubisoft Game Launcher
    2012-07-22 19:53 . 2012-07-22 19:59 -------- d-----w- c:\users\Nico\AppData\Roaming\WhatPulse
    2012-07-22 17:48 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2012-07-22 17:48 . 2010-06-02 11:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
    2012-07-22 17:48 . 2010-06-02 11:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
    2012-07-22 17:48 . 2010-06-02 11:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
    2012-07-22 17:48 . 2010-05-26 18:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
    2012-07-22 17:47 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2012-07-22 17:47 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
    2012-07-22 16:54 . 2012-07-22 16:54 -------- d-----w- c:\windows\Sun
    2012-07-22 16:48 . 2012-07-22 16:55 -------- d-----w- c:\users\Gateway\AppData\Roaming\WhatPulse
    2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\program files (x86)\WhatPulse
    2012-07-21 01:45 . 2012-07-21 01:48 -------- d-----w- c:\users\Gateway\AppData\Local\Ubisoft Game Launcher
    2012-07-21 01:45 . 2012-07-21 01:45 -------- d-----w- c:\programdata\Ubisoft
    2012-07-21 01:42 . 2012-07-21 01:42 -------- d-----w- c:\program files (x86)\Ubisoft
    2012-07-21 01:42 . 2012-07-21 01:42 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-21 01:42 . 2012-07-21 01:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-21 01:39 . 2006-11-29 20:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
    2012-07-20 23:55 . 2012-07-20 23:55 -------- d-----w- c:\users\Gateway\AppData\Local\Macromedia
    2012-07-20 23:47 . 2012-08-02 20:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-07-20 23:47 . 2012-08-16 22:04 -------- d-----w- c:\program files (x86)\Steam
    2012-07-20 23:46 . 2012-07-20 23:46 -------- d-----w- c:\users\Gateway\AppData\Local\Mozilla
    2012-07-19 05:34 . 2012-07-19 05:34 -------- d-----w- c:\users\Gateway\AppData\Local\Aeria Games
    2012-07-19 02:41 . 2012-07-19 02:41 -------- d-----w- c:\users\Gateway\AppData\Local\Microsoft Games
    2012-07-19 02:15 . 2012-07-19 02:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-19 02:05 . 2012-07-19 02:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-07-19 02:05 . 2012-07-19 02:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-07-19 02:04 . 2012-07-19 02:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-19 01:42 . 2012-07-19 01:42 -------- d-----w- c:\users\Guest
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 19:55 . 2012-05-05 22:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-14 19:55 . 2012-05-05 22:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 20:46 . 2012-04-19 04:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-13 04:28 . 2012-06-13 04:28 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-09 05:30 . 2012-07-11 21:36 14165504 ----a-w- c:\windows\system32\shell32.dll
    2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 05:50 . 2012-07-11 21:36 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:50 . 2012-07-11 21:36 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 21:36 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 21:36 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-02 22:19 . 2012-06-21 17:59 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 17:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:59 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 17:59 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 17:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 17:58 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-21 17:59 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:38 . 2012-07-11 21:36 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:38 . 2012-07-11 21:36 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:37 . 2012-07-11 21:36 459216 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:27 . 2012-07-11 21:36 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:27 . 2012-07-11 21:36 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:48 . 2012-07-11 21:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:48 . 2012-07-11 21:36 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:47 . 2012-07-11 21:36 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:42 . 2012-07-11 21:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9d0f7eb2-452d-4766-b535-8d23e36c300e}"= "c:\program files (x86)\InternetHelper\prxtbInte.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{9d0f7eb2-452d-4766-b535-8d23e36c300e}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9d0f7eb2-452d-4766-b535-8d23e36c300e}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\InternetHelper\prxtbInte.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{9d0f7eb2-452d-4766-b535-8d23e36c300e}"= "c:\program files (x86)\InternetHelper\prxtbInte.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{9d0f7eb2-452d-4766-b535-8d23e36c300e}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-02 5661056]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
    "WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
    "Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-8-12 666992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-06-22 714752]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 PCDSRVC{FCB8192B-340B18D0-06020101}_0;PCDSRVC{FCB8192B-340B18D0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-07-03 452128]
    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
    S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-02-13 108304]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
    S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2012-02-13 2122000]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
    S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
    S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
    S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-15 393216]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 19:55]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000Core.job
    - c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000UA.job
    - c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
    .
    2012-08-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1d0b0e93-2507-453c-bfa8-379645e4128e.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-08-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20b8a137-78c3-402f-bf94-8f372a6a81ae.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
    "combofix"="c:\combofix\CF24806.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173612094204p2329u985408l17472
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3237160&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    Toolbar-Locked - (no file)
    AddRemove-DefaultTab - c:\users\Gateway\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{FCB8192B-340B18D0-06020101}_0]
    "ImagePath"="\??\c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Steam\SteamService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-16 15:20:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-16 22:20
    .
    Pre-Run: 846,051,241,984 bytes free
    Post-Run: 845,913,120,768 bytes free
    .
    - - End Of File - - 0FC5F8F8659F7E2DF00761AECD76B73D
     
  8. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Sorry for any delay but as you can see we are very busy here.

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If asked whether you would like to update the Avast virus database please do.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    [IMG]
    ----------
     
  9. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    OK, thanks for the reply Jeff.

    Here is the scan you requested.

    quick question.....I'm running Microsoft Essentials, SuperAntiSpyware, and Malwarebytes manually. Should I install Avast- full version?


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-16 20:48:46
    -----------------------------
    20:48:46.230 OS Version: Windows x64 6.1.7600
    20:48:46.230 Number of processors: 4 586 0x402
    20:48:46.231 ComputerName: GATEWAY-PC UserName: Gateway
    20:48:47.698 Initialize success
    20:50:48.778 AVAST engine defs: 12081601
    20:51:19.008 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:51:19.013 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
    20:51:19.019 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
    20:51:19.024 Disk 1 Vendor: MAXTOR_STM3160815AS 3.AAD Size: 152627MB BusType: 3
    20:51:19.047 Disk 0 MBR read successfully
    20:51:19.050 Disk 0 MBR scan
    20:51:19.138 Disk 0 unknown MBR code
    20:51:19.140 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
    20:51:19.182 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
    20:51:19.208 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432
    20:51:19.260 Disk 0 scanning C:\Windows\system32\drivers
    20:51:30.527 Service scanning
    20:51:57.006 Modules scanning
    20:51:57.028 Disk 0 trace - called modules:
    20:51:57.057 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:51:57.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006249790]
    20:51:57.068 3 CLASSPNP.SYS[fffff880018b143f] -> nt!IofCallDriver -> [0xfffffa8005cb08d0]
    20:51:57.073 5 ACPI.sys[fffff88000e9c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061b3060]
    20:51:58.445 AVAST engine scan C:\Windows
    20:52:02.383 AVAST engine scan C:\Windows\system32
    20:55:45.558 AVAST engine scan C:\Windows\system32\drivers
    20:56:01.224 AVAST engine scan C:\Users\Gateway
    21:04:00.626 AVAST engine scan C:\ProgramData
    21:05:11.462 Scan finished successfully
    21:13:54.762 Disk 0 MBR has been saved successfully to "C:\Users\Gateway\Desktop\MBR.dat"
    21:13:54.836 The log file has been saved successfully to "C:\Users\Gateway\Desktop\aswMBR.txt"
     
  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    No, let's hold off on that for a bit. :)
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [IMG]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
  11. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    Hi Jeff-

    Here is the log you requested:


    ComboFix 12-08-17.03 - Gateway 08/17/2012 10:09:45.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4487 [GMT -7:00]
    Running from: c:\users\Gateway\Desktop\ComboFix.exe
    Command switches used :: c:\users\Gateway\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Conduit
    c:\program files (x86)\Conduit\Community Alerts\Alert.dll
    c:\program files (x86)\InternetHelper\prxtbInte.dll
    c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    c:\users\Gateway\AppData\Local\Conduit
    c:\users\Gateway\AppData\Local\Conduit\CT3237160\InternetHelperAutoUpdateHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-17 17:17 . 2012-08-17 17:17 -------- d-----w- c:\users\Nico\AppData\Local\temp
    2012-08-17 17:17 . 2012-08-17 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 13:01 . 2012-08-17 13:01 -------- d-----w- c:\users\Gateway\AppData\Roaming\Canneverbe Limited
    2012-08-17 13:01 . 2012-08-17 13:01 -------- d-----w- c:\programdata\Canneverbe Limited
    2012-08-17 13:01 . 2012-08-17 13:01 -------- d-----w- c:\program files (x86)\CDBurnerXP
    2012-08-16 22:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D89F875D-961D-4462-BD41-B447C271A766}\mpengine.dll
    2012-08-16 18:57 . 2012-08-16 20:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-08-16 16:00 . 2012-08-16 16:00 -------- d-----w- c:\users\Public\OEM
    2012-08-15 18:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 13:56 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 13:56 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 13:56 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 13:56 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
    2012-08-15 13:56 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 13:56 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 13:55 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 13:55 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 13:55 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 13:55 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 13:55 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 13:55 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 19:55 . 2012-08-14 19:55 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-13 16:56 . 2012-08-13 16:56 -------- d-----w- c:\users\Gateway\AppData\Local\LogMeIn Rescue Applet
    2012-08-13 01:03 . 2012-08-13 01:03 388096 ----a-r- c:\users\Gateway\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-13 01:03 . 2012-08-13 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files (x86)\Windows Home Server
    2012-08-12 22:37 . 2012-08-12 22:37 -------- d-----w- c:\program files\Windows Home Server
    2012-08-05 04:52 . 2012-08-05 04:53 -------- d-----w- c:\users\Gateway\AppData\Roaming\.minecraft
    2012-08-03 02:00 . 2012-08-03 04:34 -------- d-----w- c:\users\Nico\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-08-01 23:49 . 2012-08-01 23:49 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-01 23:40 . 2012-08-01 23:41 -------- d-----w- c:\program files (x86)\DefaultTab
    2012-08-01 23:40 . 2012-08-01 23:40 -------- d-----w- c:\program files (x86)\7-zip
    2012-08-01 23:40 . 2012-08-16 22:00 -------- d-----w- c:\users\Gateway\AppData\Roaming\DefaultTab
    2012-08-01 23:40 . 2012-08-13 07:23 -------- d-----w- c:\programdata\WeCareReminder
    2012-07-31 22:55 . 2012-07-31 22:56 -------- d-----w- c:\users\Olivia
    2012-07-27 21:27 . 2012-07-27 21:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-26 21:28 . 2012-07-26 21:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-26 21:27 . 2012-07-26 21:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-07-26 16:25 . 2012-07-26 16:25 -------- d-----w- c:\program files (x86)\Aeria Games
    2012-07-23 16:43 . 2012-07-23 16:44 -------- d-----w- c:\users\Nico\AppData\Local\Ubisoft Game Launcher
    2012-07-22 19:53 . 2012-07-22 19:59 -------- d-----w- c:\users\Nico\AppData\Roaming\WhatPulse
    2012-07-22 17:48 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2012-07-22 17:48 . 2010-06-02 11:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
    2012-07-22 17:48 . 2010-06-02 11:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
    2012-07-22 17:48 . 2010-06-02 11:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
    2012-07-22 17:48 . 2010-05-26 18:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2012-07-22 17:48 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
    2012-07-22 17:47 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2012-07-22 17:47 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-07-22 17:22 . 2012-07-22 17:22 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
    2012-07-22 16:54 . 2012-07-22 16:54 -------- d-----w- c:\windows\Sun
    2012-07-22 16:48 . 2012-07-22 16:55 -------- d-----w- c:\users\Gateway\AppData\Roaming\WhatPulse
    2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\program files (x86)\WhatPulse
    2012-07-21 01:45 . 2012-07-21 01:48 -------- d-----w- c:\users\Gateway\AppData\Local\Ubisoft Game Launcher
    2012-07-21 01:45 . 2012-07-21 01:45 -------- d-----w- c:\programdata\Ubisoft
    2012-07-21 01:42 . 2012-07-21 01:42 -------- d-----w- c:\program files (x86)\Ubisoft
    2012-07-21 01:42 . 2012-07-21 01:42 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-21 01:42 . 2012-07-21 01:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-21 01:39 . 2006-11-29 20:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
    2012-07-20 23:55 . 2012-07-20 23:55 -------- d-----w- c:\users\Gateway\AppData\Local\Macromedia
    2012-07-20 23:47 . 2012-08-02 20:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-07-20 23:47 . 2012-08-17 17:24 -------- d-----w- c:\program files (x86)\Steam
    2012-07-20 23:46 . 2012-07-20 23:46 -------- d-----w- c:\users\Gateway\AppData\Local\Mozilla
    2012-07-19 05:34 . 2012-07-19 05:34 -------- d-----w- c:\users\Gateway\AppData\Local\Aeria Games
    2012-07-19 02:41 . 2012-07-19 02:41 -------- d-----w- c:\users\Gateway\AppData\Local\Microsoft Games
    2012-07-19 02:15 . 2012-07-19 02:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-19 02:05 . 2012-07-19 02:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-07-19 02:05 . 2012-07-19 02:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-07-19 02:04 . 2012-07-19 02:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-19 01:42 . 2012-07-19 01:42 -------- d-----w- c:\users\Guest
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 19:55 . 2012-05-05 22:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-14 19:55 . 2012-05-05 22:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 20:46 . 2012-04-19 04:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-13 04:28 . 2012-06-13 04:28 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-09 05:30 . 2012-07-11 21:36 14165504 ----a-w- c:\windows\system32\shell32.dll
    2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 05:50 . 2012-07-11 21:36 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:50 . 2012-07-11 21:36 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 21:36 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 21:36 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-02 22:19 . 2012-06-21 17:59 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 17:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:59 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 17:59 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 17:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 17:58 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-21 17:59 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:38 . 2012-07-11 21:36 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:38 . 2012-07-11 21:36 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:37 . 2012-07-11 21:36 459216 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:27 . 2012-07-11 21:36 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:27 . 2012-07-11 21:36 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:48 . 2012-07-11 21:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:48 . 2012-07-11 21:36 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:47 . 2012-07-11 21:36 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:42 . 2012-07-11 21:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-16_22.05.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-08-16 22:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-08-16 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-08-16 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-16 22:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-16 21:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-16 22:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:10 . 2012-08-16 22:49 32716 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2012-04-19 02:37 . 2012-08-16 22:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-04-19 02:37 . 2012-08-17 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-09 18:19 . 2012-08-17 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-09 18:19 . 2012-08-16 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-17 17:19 . 2012-08-17 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-16 22:04 . 2012-08-16 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-16 22:04 . 2012-08-16 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-17 17:19 . 2012-08-17 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-16 22:58 . 2012-08-16 22:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-12-09 17:44 . 2012-08-17 12:11 337246 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 05:01 . 2012-08-16 22:03 309324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-17 17:17 309324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-04-20 05:05 . 2012-08-16 22:03 1538924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-906736673-1750738731-1279657910-1000-8192.dat
    + 2012-04-20 05:05 . 2012-08-17 17:18 1538924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-906736673-1750738731-1279657910-1000-8192.dat
    + 2009-07-14 02:34 . 2012-08-17 05:22 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-08-16 21:59 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-02 5661056]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
    "WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
    "Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-8-12 666992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-06-22 714752]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 PCDSRVC{FCB8192B-340B18D0-06020101}_0;PCDSRVC{FCB8192B-340B18D0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-07-03 452128]
    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
    S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-02-13 108304]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
    S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2012-02-13 2122000]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
    S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
    S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
    S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-15 393216]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 19:55]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000Core.job
    - c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
    .
    2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906736673-1750738731-1279657910-1000UA.job
    - c:\users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:55]
    .
    2012-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1d0b0e93-2507-453c-bfa8-379645e4128e.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20b8a137-78c3-402f-bf94-8f372a6a81ae.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\cx0dosbn.default\
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{FCB8192B-340B18D0-06020101}_0]
    "ImagePath"="\??\c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Steam\SteamService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-17 10:38:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-17 17:37
    ComboFix2.txt 2012-08-16 22:21
    .
    Pre-Run: 802,051,375,104 bytes free
    Post-Run: 804,301,828,096 bytes free
    .
    - - End Of File - - 5506DA370DC82E5D333423055059E18D
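The ComboFix output above is the evidence the rest of the thread works from: the IE start page redirected to search.conduit.com (the "takeover of search engine" in the thread title), a kernel-mode service entry whose image path sits in a user's temp folder and carries ComboFix's [x] marker, and a Run value launching out of ProgramData. The Python below is an added example, not part of the original thread and not a ComboFix feature: it parses six lines copied from the log above and flags entries by two heuristics that are this example's own assumptions (image in a user-writable location; file missing at scan time) plus an assumed allowlist of stock start-page hosts.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output (added example, not a ComboFix feature)."""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: six lines copied verbatim from the ComboFix log posted above
# (two Run values, three service/driver entries, the IE start page; hxxp:// is
# ComboFix's own defanging and is kept as-is).
SAMPLE_LOG = r'''
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-02 5661056]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
R3 PCDSRVC{FCB8192B-340B18D0-06020101}_0;PCDSRVC{FCB8192B-340B18D0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\9xgmq9v6heqc\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
'''

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
START_PAGE = re.compile(r'^[um]Start Page\s*=\s*(?P<url>\S+)$')

# Heuristic (this example's assumption, not a ComboFix rule): an autorun or service
# image under ProgramData, AppData or a temp folder is writable without elevation,
# which is where drive-by installers and bundled adware usually land.
USER_WRITABLE = re.compile(r'\\(?:programdata|appdata|temp)\\', re.IGNORECASE)

# Hosts a stock IE start page may point at (assumed allowlist; extend per environment).
EXPECTED_START_HOSTS = {"go.microsoft.com", "www.msn.com", "www.bing.com", "about:blank"}


@dataclass
class Finding:
    kind: str            # "run", "service" or "startpage"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def _host(url: str) -> str:
    """Return the host part of a (possibly defanged) URL, or the URL itself for about:blank."""
    m = re.match(r'^[a-z]+://([^/?#]+)', url, re.IGNORECASE)
    return m.group(1).lower() if m else url.lower()


def triage(text: str) -> List[Finding]:
    """Parse ComboFix loading-point lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_VALUE.match(line)
        kind = "run"
        if not m:
            m = SERVICE.match(line)
            kind = "service"
        if not m:
            sp = START_PAGE.match(line)
            if sp:
                host = _host(sp["url"])
                if host not in EXPECTED_START_HOSTS:
                    findings.append(Finding("startpage", "Start Page", sp["url"],
                                            [f"start page points at unexpected host {host}"]))
            continue
        reasons = []
        if USER_WRITABLE.search(m["path"]):
            reasons.append("image lives in a user-writable location")
        if m["meta"].strip() == "x":
            # ComboFix prints [x] in place of a date and size where it could not find
            # the file; a service entry that outlives its image is a leftover worth removing.
            reasons.append("file not found at scan time ([x] marker)")
        if reasons:
            findings.append(Finding(kind, m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.name}\n          {f.path}\n          -> {'; '.join(f.reasons)}")
```

Run against the six sample lines it reports three leads: the ProgramData Run value, the PCDSRVC driver entry (two reasons), and the Conduit start page; SUPERAntiSpyware, DefaultTabSearch and !SASCORE pass the location check. Treat the output as leads, not verdicts: the same log shows GoogleUpdate.exe running from AppData\Local, which this heuristic would also flag, so each hit still needs the file's signer and install history checked before anything is deleted.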
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Malwarebytes

    I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
    ----------

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    • Click Scan (This scan can take several hours, so please be patient)
    • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
    • Copy and paste/or attach that log as a reply to this topic
    **Note** If no threats are found there will not be a log created.
    ----------
     
  13. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    Hi Jeff-

    Sorry for the delay..just got back in town...


    here is the Malwarebytes log:


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.17.07

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Gateway :: GATEWAY-PC [administrator]

    8/17/2012 11:55:20 AM
    mbam-log-2012-08-17 (13-00-18).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 555972
    Time elapsed: 1 hour(s), 3 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Qoobox\Quarantine\C\Program Files (x86)\Vid-Saver\Uninstall.exe.vir (Adware.GamePlayLabs) -> No action taken.

    (end)

    --------------------------------------------------
    ESET log file



    E:\Documents and Settings\Heather.DELLXPS400TOWER\Desktop\SA.exe multiple threats
     
  14. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    559
    Hi Jeff,

    Also just ran a SuperAntiSpyware scan and found a trojan called:

    Trojan.Agent/Gen-FakeDoc
     
  15. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Run Malwarebytes again and be sure to remove anything found.
    -------

    First open an elevated command prompt > Click Start and type cmd in Start Search.
    When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

    Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there are more than one)
    Code:
    del "E:\Documents and Settings\Heather.DELLXPS400TOWER\Desktop\SA.exe"
    
    Close the Command Prompt box.
    --------

    In your next reply please post the new Malwarebytes log and let me know how your system is running. :)
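The del command above removes the flagged file outright. As an added example (not from the thread's helper or any tool it mentions), here is a Python routine that does what a responder usually wants instead: record the file's size and SHA-256, move it into a quarantine folder under a .vir name (the convention visible in the C:\Qoobox\Quarantine path in the Malwarebytes log earlier in the thread), and append a JSON line so the action is auditable and the sample can be submitted or restored later. It is written in Python rather than cmd so it runs anywhere; the quarantine directory name and the fake SA.exe the demo creates are constructed for the example.

```python
"""Quarantine a scanner-flagged file instead of deleting it, recording a hash first (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(target: str, quarantine_dir: str) -> Optional[dict]:
    """Move `target` into `quarantine_dir` as <name>.vir and return a record of what was moved.

    Returns None when the file is absent, the case where a plain `del` would just
    report 'Could Not Find' and leave you unsure whether anything was ever there.
    """
    src = Path(target)
    if not src.is_file():
        return None
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    record = {"original": str(src), "size": src.stat().st_size, "sha256": sha256_of(src)}
    dest = qdir / (src.name + ".vir")
    n = 1
    while dest.exists():  # never overwrite an earlier quarantined copy with the same name
        dest = qdir / f"{src.name}.{n}.vir"
        n += 1
    # shutil.move copies across volumes (e.g. E: -> C:) where os.rename would fail.
    shutil.move(str(src), str(dest))
    record["quarantined_as"] = str(dest)
    with (qdir / "quarantine.jsonl").open("a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record


def demo() -> dict:
    """Constructed scenario: a placeholder SA.exe in a temp dir stands in for the flagged file."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "Desktop" / "SA.exe"
        fake.parent.mkdir()
        fake.write_bytes(b"MZ" + b"\x00" * 64)  # 66 bytes of filler, not a real binary
        qdir = os.path.join(tmp, "Quarantine")
        rec = quarantine(str(fake), qdir)
        return {
            "record": rec,
            "original_gone": not fake.exists(),
            "copy_hash": sha256_of(Path(rec["quarantined_as"])),
            "second_call_returns_none": quarantine(str(fake), qdir) is None,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Used on the real path from the ESET result, the call would be `quarantine(r"E:\Documents and Settings\Heather.DELLXPS400TOWER\Desktop\SA.exe", r"C:\Quarantine")`, run from an elevated prompt for the same reason the helper asks for one: the file may be owned by another profile and the quarantine folder should not be writable by a standard user.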
     
Short URL to this thread: https://techguy.org/1064877