
Google Hijacker, now Trojan?

Discussion in 'Virus & Other Malware Removal' started by Galilmalas, Nov 25, 2011.


    Galilmalas Thread Starter

    I'm hoping someone here can help me. I have a laptop that I share with my roommates and it's become infected with a virus or something. It started out as a Google Hijacker. It would redirect any links that I clicked on in Google to some random (obviously fake) website. Then as time moved on, it became more invasive. It erased my computer's background, hid all of my icons, deleted some programs such as Malwarebytes, and other things. It even started the horrible "Virus Alerts" that are also obviously fake. I tried using Spybot Search and Destroy, as well as Malwarebytes. Below I will post the information requested in that help forum.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: AMD Athlon(tm) X2 Dual-Core QL-65, AMD64 Family 17 Model 3 Stepping 1
    Processor Count: 2
    RAM: 2814 Mb
    Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
    Hard Drives: C: Total - 226084 MB, Free - 120817 MB;
    Motherboard: Gateway,
    Antivirus: None

    Malwarebytes Log (Ran Yesterday):
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8229

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/24/2011 8:21:20 AM
    mbam-log-2011-11-24 (08-21-20).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 502381
    Time elapsed: 1 hour(s), 17 minute(s), 52 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 26

    Memory Processes Infected:
    c:\Windows\Temp\thpm1487196315782779145.tmp (Trojan.Exploit.Drop.THPM) -> 4676 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{97A3145E-FE19-4CBC-9140-6694DE881929} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\chkabonphst.chkabonphst.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\chkabonphst.chkabonphst (Adware.AdRotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\volmgr (Trojan.Agent) -> Value: volmgr -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\Windows\$BLSTUN$ (Adware.AdRotator) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Windows\Temp\thpm1487196315782779145.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
    c:\programdata\6dss92c31apgjk.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
    c:\programdata\WSTB\verupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
    c:\Users\Aquaman\AppData\Local\Temp\p1kalmig2kb7fz.exe.tmp (Rogue.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\$BLSTUN$\lmatn.dll (Adware.BHO) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\localservice\AppData\Local\Temp\dxa583.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\localservice\AppData\Local\Temp\jar_cache4432786302470622001.tmp (Spyware.Spyeyes) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\localservice\AppData\Roaming\Kynys\opekdia.exe (Spyware.Spyeyes) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\0.2658656025443399.exe (Malware.Gen) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\gdfstr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\javaw.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UXJ8NUY2\ex[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\11\655bf6cb-64e0da32 (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UXJ8NUY2\ex[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\11\655bf6cb-64e0da32 (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.3213321123988797.exe (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.4736550822779033exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Temp\jar_cache2871226344174161734.tmp (Worm.Gamarue) -> Quarantined and deleted successfully.
    c:\Windows\Temp\kghjdfg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Aquaman\AppData\Local\Temp\thpm1321011217268084445.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Users\Aquaman\AppData\Local\Temp\thpm1835243459084098118.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Windows\Temp\thpm7988237639527381820.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Windows\$BLSTUN$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\Windows\$BLSTUN$\qgnnv.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

    HiJackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:48:19 PM, on 11/25/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16839)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Aquaman\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 74.55.76.230 www.google-analytics.com.
    O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
    O1 - Hosts: 74.55.76.230 www.statcounter.com.
    O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: MrFroggy - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Minibar BHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [qkjUlyDxtx.exe] C:\ProgramData\qkjUlyDxtx.exe
    O4 - HKLM\..\Run: [WKocfFMPaI.exe] C:\ProgramData\WKocfFMPaI.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Aquaman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [mmc62.exe] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Adobe\plugs\mmc62.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [SenderClient.exe] C:\Documents and Settings\All Users\SenderClient.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [5-DayUpdate] C:\Users\Aquaman\AppData\Local\5-Day Forecast\5-DayUpdate\5-Dayupdt32.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AbEVEEVRbhjjV.exe] C:\ProgramData\AbEVEEVRbhjjV.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [K7f9XkrzOtAuS8234A] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\pJ6dWK8fR9TCkBz\Qy0uvS2ib3n5Q6.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [{C5F283F2-E743-5E96-B77C-B64E62178C94}] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Kynys\opekdia.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [5-DayUpdate] C:\Users\Aquaman\AppData\Local\5-Day Forecast\5-DayUpdate\5-Dayupdt32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [5-DayUpdate] C:\Users\Aquaman\AppData\Local\5-Day Forecast\5-DayUpdate\5-Dayupdt32.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Share Your Mood - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\Ham\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper (lmhosts32) - Axes Array - C:\Windows\system32\ntshrui32.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

    --
    End of file - 12620 bytes

    DDS File:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by Aquaman at 20:49:23 on 2011-11-25
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.481 [GMT -8:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Program Files (x86)\Ham\hamachi-2.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\SysWOW64\ntshrui32.exe
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k netsvcs
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
    C:\Program Files (x86)\Java\jre6\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Aquaman\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273608108406l0333z1j6a4833428o
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: FroggyBoss Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - C:\Program Files (x86)\Minibar\Froggy.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: MrFroggy Class: {856e12b5-22d7-4e22-9aca-ea9a008dd65b} - C:\Program Files (x86)\Minibar\Froggy.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Kango.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Google Update] "C:\Users\Aquaman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [qkjUlyDxtx.exe] C:\ProgramData\qkjUlyDxtx.exe
    mRun: [WKocfFMPaI.exe] C:\ProgramData\WKocfFMPaI.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    dRun: [5-DayUpdate] C:\Users\Aquaman\AppData\Local\5-Day Forecast\5-DayUpdate\5-Dayupdt32.exe
    dRun: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC} : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\143786C65697D29437D2741697 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\2456C6B696E6F5366303037303 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.254
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\35471627265736B63702F477E6370295F657270235F657C6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\35471627265736B637D2F477E637D295F65727D235F657C6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\35471627265736B637F5F477E637F597F65727F537F657C6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\4586963702963702350514254514 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{30395B12-2930-4A2E-BB5A-574299DA34BC}\D416E64756058616C656E6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{5102C351-FEA1-4753-92F4-E7D67C12B24E} : DhcpNameServer = 10.255.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
    BHO-X64: PriceGong - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
    BHO-X64: IE BHO Utility - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: MrFroggy Class: {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll
    BHO-X64: MrFroggy - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
    BHO-X64: Minibar BHO - No File
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [qkjUlyDxtx.exe] C:\ProgramData\qkjUlyDxtx.exe
    mRun-x64: [WKocfFMPaI.exe] C:\ProgramData\WKocfFMPaI.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    Hosts: 74.55.76.230 www.google-analytics.com.
    Hosts: 74.55.76.230 ad-emea.doubleclick.net.
    Hosts: 74.55.76.230 www.statcounter.com.
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Aquaman\AppData\Roaming\Mozilla\Firefox\Profiles\eo31ghbx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Aquaman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Aquaman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Aquaman\AppData\Roaming\Mozilla\Firefox\Profiles\eo31ghbx.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npperformeroptimum.dll
    FF - plugin: C:\Users\Aquaman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Aquaman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Performer Optimum: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: XUL Cache: {8ddcb71e-f731-41dd-8603-72ff3bb69418} - %profile%\extensions\{8ddcb71e-f731-41dd-8603-72ff3bb69418}
    FF - Ext: XUL Cache: {7d22b3f6-9ec5-40f2-9a0a-fd3e67e33f95} - %profile%\extensions\{7d22b3f6-9ec5-40f2-9a0a-fd3e67e33f95}
    FF - Ext: XUL Cache: {cd5a5f0f-bdc9-4022-b3a8-a259a6f16234} - %profile%\extensions\{cd5a5f0f-bdc9-4022-b3a8-a259a6f16234}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-9-7 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\Ham\hamachi-2.exe [2011-8-4 2329480]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 lmhosts32;TCP/IP NetBIOS Helper ;C:\Windows\System32\ntshrui32.exe [2011-7-26 793600]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-23 366152]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-9-7 240160]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
    R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
    .
    =============== Created Last 30 ================
    .
    2011-11-25 14:51:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E0E9557-2AC6-460B-937B-1313E45D17CC}\offreg.dll
    2011-11-25 14:51:41 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E0E9557-2AC6-460B-937B-1313E45D17CC}\mpengine.dll
    2011-11-24 17:07:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-24 17:07:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-24 17:07:39 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-24 16:26:22 388096 ----a-r- C:\Users\Aquaman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-24 16:26:18 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-11-24 04:23:05 709968 ----a-w- C:\Windows\isRS-000.tmp
    .
    ==================== Find3M ====================
    .
    2011-10-04 01:32:51 2423808 ----a-w- C:\Windows\SysWow64\zToUstdNE1LSX3C.exe
    2011-10-04 01:32:50 2423808 ----a-w- C:\Windows\SysWow64\FLbYnVQNKuLiqiZ.exe
    2011-10-04 01:32:47 2423808 ----a-w- C:\Windows\SysWow64\GGVJSYnU4e.exe
    2011-09-30 01:48:59 0 ----a-w- C:\Windows\SysWow64\wQd8RXeBzy12FGQ.exe
    2011-09-30 01:48:59 0 ----a-w- C:\Windows\SysWow64\uc2bp5Qd8.exe
    2011-09-30 01:48:59 0 ----a-w- C:\Windows\SysWow64\RQdKRwVlPc2bp5Q.exe
    2011-09-30 01:48:59 0 ----a-w- C:\Windows\SysWow64\Dubp5Qd8Rwe.exe
    2011-09-30 01:48:58 2423808 ----a-w- C:\Windows\SysWow64\RonF4amH5W7E8Rq.exe
    2011-09-30 01:48:58 2423808 ----a-w- C:\Windows\SysWow64\Hv2nF4p5sJdKgZY.exe
    2011-09-30 01:48:58 0 ----a-w- C:\Windows\SysWow64\Q2FpmHQdKRwVlNc.exe
    2011-09-30 01:48:58 0 ----a-w- C:\Windows\SysWow64\cFpmHQdKRwVlNc2.exe
    2011-09-30 01:48:57 2423808 ----a-w- C:\Windows\SysWow64\ogRZqhYXwUeBz0c.exe
    2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-09-03 19:01:57 1181696 ----a-w- C:\ProgramData\SenderClient.exe
    2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 20:50:23.51 ===============



    Thanks!

     
  2. Galilmalas

    Galilmalas Thread Starter

    Joined:
    Feb 14, 2009
    Messages:
    6
  3. Galilmalas

    Galilmalas Thread Starter

    Joined:
    Feb 14, 2009
    Messages:
    6
    If I missed something required to merit a reply, will someone please let me know? I see everyone else with similar problems getting fast answers, yet my request for help seems to not be achieving much attention. Thanks!
     

Short URL to this thread: https://techguy.org/1028459
