Inactive [Piracy] Google redirect...virus still undetected


EthaNox

Hello all...
A few days ago I noticed an Adobe updater prompting over and over for an update... and then I noticed random popups and Google redirects. This is the one site I could actually find that WOULDN'T get redirected. I updated and ran Malwarebytes and Spybot in safe mode and was able to get rid of a few threats; however, they are not detecting anything else, but I still have the problem and it is slowing my computer down more and more.
I did some quick looking and found TDSS Rootkit remover, and it found about 3 threats and cleared them... yet the problem remains. I normally consider myself to be very tech savvy, especially with virus removal, but this has just gotten WAY more than I can handle! haha =] I really appreciate you guys' help and patiently await your responses!! Logs to follow...
EthaNox
(I am including two logs of Malwarebytes as I have many...one is a day older than the other)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.07.02

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Gary :: GOOMAN [administrator]

5/7/2012 9:00:22 AM
mbam-log-2012-05-07 (09-00-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 476101
Time elapsed: 1 hour(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AmdAgent (Trojan.LameShield) -> Data: C:\Windows\Temp\temp69.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|2DBoy (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Gary\AppData\Local\Apple Computer\2DBoy\tzsfv.dll",DllRegisterServer -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ryybnihex (Rootkit.0Access) -> Data: C:\Users\Gary\AppData\Roaming\Edudy\ahuro.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wetlux (Trojan.Medfos) -> Data: rundll32.exe "C:\Users\Gary\AppData\Local\Temp\wetlux.dll",mpegInNew -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\Windows\svcs.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Windows\Temp\temp69.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Local\Apple Computer\2DBoy\tzsfv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Roaming\Edudy\ahuro.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Local\Temp\wetlux.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Windows\svcs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\FastUserSwitchingCompatibilityex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Local\Apple Computer\2DBoy\fprpbuai.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\68c12feb-3ead530b (Trojan.Agent.H) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Gary :: GOOMAN [administrator]

5/6/2012 3:55:14 PM
mbam-log-2012-05-06 (15-55-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 473494
Time elapsed: 58 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoTrayItemsDisplay (Hijack.Tray) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Gary\AppData\Local\Temp\0.5306001462780889 (Exploit.Drop.9) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Local\Temp\0.8231515202029944 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)
 
I was unable to get anything to come up with GMER, even in safe mode.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Gary at 19:54:01 on 2012-05-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2079 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Users\Gary\AppData\Roaming\Cyumn\antol.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Gary\AppData\Local\Search\SearchGatherer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273611094545l03g4z175a48n2v23s
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273611094545l03g4z175a48n2v23s
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273611094545l03g4z175a48n2v23s
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [Wywefyezep] C:\Users\Gary\AppData\Roaming\Cyumn\antol.exe
uRun: [SearchGatherer] "C:\Users\Gary\AppData\Local\Search\SearchGatherer.exe" /x
uRun: [onhfg] rundll32.exe "C:\Users\Gary\AppData\Local\Temp\onhfg.dll",GetImageFormatAttribute
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\2375942554731383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\35869764C616D696E676F6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\74162797 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\F475E45425D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3684E32D-4846-436A-B1F8-95238FCB0EFA} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\Gary\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SkypeGadget1.3.gadget\wrapper\Skype4COM.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\fz1nryxo.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-9-21 539184]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-3 253088]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-10 25832]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-10 21:41:19 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-10 21:40:25 -------- d-----w- C:\Games\Windows Journal
2012-05-10 21:17:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-10 15:22:44 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 15:22:40 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 15:22:38 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:22:38 1732096 ----a-w- C:\Games\Windows Journal\NBDoc.DLL
2012-05-10 15:22:38 1402880 ----a-w- C:\Games\Windows Journal\JNWDRV.dll
2012-05-10 15:22:38 1393664 ----a-w- C:\Games\Windows Journal\JNTFiltr.dll
2012-05-10 15:22:38 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 02:32:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-06 19:54:10 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes
2012-05-06 19:54:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-06 19:54:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-06 15:38:37 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-06 15:37:31 -------- d-----we C:\Windows\system64
2012-05-04 12:50:23 -------- d-----w- C:\Users\Gary\AppData\Roaming\mIRC
2012-05-04 01:18:10 -------- d-----w- C:\Users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}
2012-05-03 21:57:45 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-03 21:46:51 -------- d-----w- C:\Users\Gary\AppData\Roaming\Osnyw
2012-05-03 21:46:51 -------- d-----w- C:\Users\Gary\AppData\Roaming\Irdeg
2012-05-03 21:46:51 -------- d-----w- C:\Users\Gary\AppData\Roaming\Edudy
2012-05-03 21:46:47 -------- d-----w- C:\Users\Gary\AppData\Local\Search
2012-05-03 21:46:39 -------- d-----w- C:\Users\Gary\AppData\Roaming\Ycom
2012-05-03 21:46:39 -------- d-----w- C:\Users\Gary\AppData\Roaming\Veyba
2012-05-03 21:46:39 -------- d-----w- C:\Users\Gary\AppData\Roaming\Cyumn
2012-05-03 20:24:16 -------- d-----w- C:\Users\Gary\AppData\Local\Bugsplat
2012-04-27 16:46:19 -------- d-----w- C:\Users\Gary\AppData\Local\CRE
2012-04-27 16:46:15 -------- d-----w- C:\Users\Gary\AppData\Local\Conduit
2012-04-25 20:26:34 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-04-23 13:15:20 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C9777565-BF43-4BDF-8B2F-7F598B9529D9}\mpengine.dll
2012-04-15 02:29:25 -------- d-----w- C:\Games\iPod
2012-04-15 02:29:24 -------- d-----w- C:\Games\iTunes
2012-04-13 07:00:37 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 07:00:37 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 07:00:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-13 07:00:37 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 07:00:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 07:00:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 07:00:36 220672 ----a-w- C:\Windows\System32\wintrust.dll
.
==================== Find3M ====================
.
2012-05-03 21:57:45 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:43:21 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:41 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
[FONT=Courier New].[/FONT]
[FONT=Courier New]============= FINISH: 19:54:56.10 ===============[/FONT]
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/6/2009 6:30:49 AM
System Uptime: 5/10/2012 5:50:47 PM (2 hours ago)
.
Motherboard: Gateway | | NV78
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 152.774 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP402: 4/3/2012 7:49:29 AM - Windows Update
RP403: 4/6/2012 11:05:15 AM - Windows Update
RP404: 4/13/2012 3:00:15 AM - Windows Update
RP405: 4/20/2012 6:51:00 PM - Scheduled Checkpoint
RP406: 4/22/2012 12:11:28 PM - Removed Feedback Tool
RP407: 5/1/2012 12:13:26 AM - Scheduled Checkpoint
RP408: 5/10/2012 3:01:20 PM - Scheduled Checkpoint
RP409: 5/10/2012 5:39:29 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.3.2 MUI
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Backup Manager Basic
CDisplay 1.8
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
DivX Setup
Dragon Age: Origins
Dragon NaturallySpeaking 11
Fences
Freecorder 5
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
GEAR driver installer for x86 and x64
Google Earth
Google Update Helper
Identity Card
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
K-Lite Mega Codec Pack 6.5.0
Launch Manager
Malwarebytes Anti-Malware version 1.61.0.1400
ManyCam 2.6.43 (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA PhysX
ObjectDock Free
Octoshape add-in for Adobe Flash Player
Opera 11.62
PDF Settings CS5
QuickTime
Rainlendar2 (remove only)
Rainmeter
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rosetta Stone Version 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype™ 5.8
SmartSound Common Data
SmartSound Quicktracks 5
Spybot - Search & Destroy
System Requirements Lab CYRI
The Sims™ 3
The Sims™ 3 High-End Loft Stuff
Topaz Adjust 4
Topaz Detail 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Video Web Camera
VMware Player
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
WinRAR archiver
WinZip 15.5
World of Warcraft
Yahoo! Detect
Z Engine
.
==== Event Viewer Messages From Past Week ========
.
5/7/2012 8:22:29 AM, Error: Service Control Manager [7030] - The NetworkLog service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/6/2012 9:34:35 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Gooman\Gary SID (S-1-5-21-2650536780-1144770672-1175246650-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/6/2012 9:34:35 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Gooman\Gary SID (S-1-5-21-2650536780-1144770672-1175246650-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/6/2012 11:51:21 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/3/2012 8:28:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/3/2012 12:20:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
5/10/2012 5:51:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/10/2012 5:51:20 PM, Error: Service Control Manager [7023] - The Windows Team Management service terminated with the following error: The specified module could not be found.
5/10/2012 5:51:20 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/10/2012 5:51:20 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2012 5:47:36 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2012 5:29:02 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/10/2012 5:22:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/10/2012 5:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/10/2012 5:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/10/2012 5:21:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/10/2012 5:21:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/10/2012 5:21:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/10/2012 5:21:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/10/2012 5:21:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/10/2012 5:21:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/10/2012 5:21:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2012 5:21:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/10/2012 5:21:11 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the redirect!

First, there was a significant amount of malware in the first Mbam log. But Mbam alone didn't find and remove all of the related processes.

Second, it's easy to see why you are being redirected: your Hosts file has been hijacked! Your searches are being redirected to a site in Romania.

Third: Going by some of the Errors, the router may have gone bad or need to be reset.

Please disable or better, uninstall uTorrentControl2 Toolbar. Do not use it while I am helping you.
Please don't do any scanning or cleaning other than what is in my directions
-----------------------------------------------
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
============================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
=======================================
Please leave the Combofix and Eset logs in your next reply.
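The Hosts File Hijack section of the DDS log above shows three well-known analytics and ad hostnames pinned to two remote addresses, which is exactly what a redirect looks like at the hosts-file level. The following is an added example, not code from the thread, from DDS or from ComboFix: it parses either a raw Windows hosts file or the `Hosts:` lines DDS prints, and reports every name that is mapped to anything other than the local host. The sample inputs are constructed from the entries in the log above, and the function and constant names are this example's own.

```python
"""Flag hijacked entries in a Windows hosts file.

Added example for this thread; not part of DDS, ComboFix or the original
posts. Accepts raw hosts-file text or the 'Hosts: <ip> <name>.' lines that
DDS prints under '==== Hosts File Hijack ===='. Sample inputs below are
constructed from the entries shown in the log.
"""
import ipaddress
import re
from collections import defaultdict

# Addresses a legitimate hosts entry may point at: the machine itself, or
# the black-hole address that ad-blocking hosts lists use.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the DDS report style (DDS prints names with a
# trailing dot and pads the section with '.' lines).
SAMPLE_DDS_LINES = """\
==== Hosts File Hijack ======================
.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
"""

# Constructed sample of the raw file itself, mixing the stock Windows
# header, a harmless ad-block style entry and the same hijack entries.
SAMPLE_HOSTS_FILE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1   localhost
0.0.0.0     ads.example.net      # ad-block style, harmless
93.115.241.27 www.google-analytics.com ad-emea.doubleclick.net
108.163.215.51 www.google-analytics.com
"""

_DDS_PREFIX = re.compile(r"^Hosts:\s+")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts text or DDS 'Hosts:' lines.

    Comments after '#', blank lines and the '.' / '====' filler that DDS
    prints are skipped. One raw hosts line may carry several names, and
    DDS's trailing dot on a name is removed so both forms compare equal.
    """
    for raw in text.splitlines():
        line = _DDS_PREFIX.sub("", raw.split("#", 1)[0]).strip()
        if not line or line.startswith(("=", ".")):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address; not a hosts entry
        for name in parts[1:]:
            yield str(ip), name.rstrip(".").lower()


def find_hijacks(text):
    """Return [(hostname, [addresses...]), ...] for names not mapped locally.

    A name that appears with several remote addresses is the usual redirect
    pattern: the attacker keeps a fallback in case one server is taken down.
    Output is sorted so it is stable for comparison across scans.
    """
    targets = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip not in LOCAL_TARGETS:
            targets[name].add(ip)
    return sorted((name, sorted(ips)) for name, ips in targets.items())


if __name__ == "__main__":
    # On a live machine read %SystemRoot%\System32\drivers\etc\hosts instead.
    for name, ips in find_hijacks(SAMPLE_DDS_LINES):
        print(f"HIJACKED {name} -> {', '.join(ips)}")
```

Run against the DDS lines from this thread it reports all three names, each with both remote addresses; the stock `127.0.0.1 localhost` line and `0.0.0.0` black-hole entries are deliberately not reported, since those are the only targets a clean hosts file should contain.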
 
Here is the combofix log...I ran the Eset for 3 hours and was not given any prompt to view or save a log...and after it was finished scanning the window just closed. There were 24 threats, however...I remember seeing trojans and something with the word "hot" in it. I can redo it, but this is what I have so far:

ComboFix 12-05-10.04 - Gary 05/10/2012 21:29:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2673 [GMT -4:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll
c:\programdata\ED3BB1D5FB.sys
c:\users\Gary\AppData\Local\Temp\onhfg.dll
c:\users\Gary\AppData\Roaming\Cyumn
c:\users\Gary\AppData\Roaming\Cyumn\antol.exe
c:\users\Gary\AppData\Roaming\Ycom
c:\users\Gary\AppData\Roaming\Ycom\xesya.ypu
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 01:36 . 2012-05-11 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 21:41 . 2012-05-10 21:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-10 21:40 . 2012-05-10 21:40 -------- d-----w- c:\games\Windows Journal
2012-05-10 21:17 . 2012-05-11 00:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-10 15:22 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 15:22 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 15:22 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:22 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 02:32 . 2012-05-10 23:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-06 19:54 . 2012-05-06 19:54 -------- d-----w- c:\users\Gary\AppData\Roaming\Malwarebytes
2012-05-06 19:54 . 2012-05-06 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-05-06 19:54 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 15:38 . 2012-05-10 21:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-04 12:50 . 2012-05-04 13:12 -------- d-----w- c:\users\Gary\AppData\Roaming\mIRC
2012-05-04 01:18 . 2012-05-04 01:18 -------- d-----w- c:\users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}
2012-05-03 21:57 . 2012-05-03 21:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-03 21:57 . 2012-05-03 21:57 -------- d-----w- c:\windows\system32\Macromed
2012-05-03 21:46 . 2012-05-07 19:19 -------- d-----w- c:\users\Gary\AppData\Roaming\Edudy
2012-05-03 21:46 . 2012-05-07 12:55 -------- d-----w- c:\users\Gary\AppData\Roaming\Irdeg
2012-05-03 21:46 . 2012-05-03 21:46 -------- d-----w- c:\users\Gary\AppData\Roaming\Osnyw
2012-05-03 21:46 . 2012-05-03 21:46 -------- d-----w- c:\users\Gary\AppData\Local\Search
2012-05-03 21:46 . 2012-05-06 14:59 -------- d-----w- c:\users\Gary\AppData\Roaming\Veyba
2012-05-03 20:24 . 2012-05-03 20:24 -------- d-----w- c:\users\Gary\AppData\Local\Bugsplat
2012-04-27 16:46 . 2012-04-27 16:46 -------- d-----w- c:\users\Gary\AppData\Local\CRE
2012-04-27 16:46 . 2012-05-11 01:26 -------- d-----w- c:\users\Gary\AppData\Local\Conduit
2012-04-25 20:26 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-04-23 13:15 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9777565-BF43-4BDF-8B2F-7F598B9529D9}\mpengine.dll
2012-04-15 02:29 . 2012-04-15 02:29 -------- d-----w- c:\games\iPod
2012-04-15 02:29 . 2012-04-15 02:29 -------- d-----w- c:\games\iTunes
2012-04-13 07:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 07:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 07:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 07:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 07:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 07:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 07:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 18:54 . 2012-04-12 18:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 21:57 . 2011-06-27 01:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-01-09 17:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 06:27 . 2012-03-14 03:23 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 03:23 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 03:23 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 03:23 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"SearchGatherer"="c:\users\Gary\AppData\Local\Search\SearchGatherer.exe" [2012-05-03 40032]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 253088]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
[FONT=Courier New]R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x][/FONT]
[FONT=Courier New]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x][/FONT]
[FONT=Courier New]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x][/FONT]
[FONT=Courier New]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x][/FONT]
[FONT=Courier New]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x][/FONT]
[FONT=Courier New]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x][/FONT]
[FONT=Courier New]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x][/FONT]
[FONT=Courier New]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x][/FONT]
[FONT=Courier New]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x][/FONT]
[FONT=Courier New]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x][/FONT]
[FONT=Courier New]S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808][/FONT]
[FONT=Courier New]S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320][/FONT]
[FONT=Courier New]S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496][/FONT]
[FONT=Courier New]S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136][/FONT]
[FONT=Courier New]S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704][/FONT]
[FONT=Courier New]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720][/FONT]
[FONT=Courier New]S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160][/FONT]
[FONT=Courier New]S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x][/FONT]
[FONT=Courier New]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184][/FONT]
[FONT=Courier New]S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x][/FONT]
[FONT=Courier New]S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x][/FONT]
[FONT=Courier New]S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x][/FONT]
[FONT=Courier New]S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]Contents of the 'Scheduled Tasks' folder[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job[/FONT]
[FONT=Courier New]- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:57][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job[/FONT]
[FONT=Courier New]- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 13:24][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job[/FONT]
[FONT=Courier New]- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 13:24][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]--------- x86-64 -----------[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}][/FONT]
[FONT=Courier New]2010-09-22 19:19 284208 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run][/FONT]
[FONT=Courier New]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112][/FONT]
[FONT=Courier New]"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960][/FONT]
[FONT=Courier New]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232][/FONT]
[FONT=Courier New]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928][/FONT]
[FONT=Courier New]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912][/FONT]
[FONT=Courier New]"combofix"="c:\combofix\CF7932.3XE" [2009-07-14 344576][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler][/FONT]
[FONT=Courier New]"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows][/FONT]
[FONT=Courier New]"LoadAppInit_DLLs"=0x0[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs[/FONT]
[FONT=Courier New]penrendezvous[/FONT]
[FONT=Courier New]Invoker[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]------- Supplementary Scan -------[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]uStart Page = hxxp://www.google.com/[/FONT]
[FONT=Courier New]uLocal Page = c:\windows\system32\blank.htm[/FONT]
[FONT=Courier New]mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273611094545l03g4z175a48n2v23s[/FONT]
[FONT=Courier New]mLocal Page = c:\windows\SysWOW64\blank.htm[/FONT]
[FONT=Courier New]uInternet Settings,ProxyOverride = *.local[/FONT]
[FONT=Courier New]IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000[/FONT]
[FONT=Courier New]IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html[/FONT]
[FONT=Courier New]LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll[/FONT]
[FONT=Courier New]TCP: DhcpNameServer = 192.168.1.1[/FONT]
[FONT=Courier New]FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\fz1nryxo.default\[/FONT]
[FONT=Courier New]FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[/FONT]
[FONT=Courier New]FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com[/FONT]
[FONT=Courier New]FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]- - - - ORPHANS REMOVED - - - -[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)[/FONT]
[FONT=Courier New]URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)[/FONT]
[FONT=Courier New]BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)[/FONT]
[FONT=Courier New]Toolbar-Locked - (no file)[/FONT]
[FONT=Courier New]Wow6432Node-HKCU-Run-Wywefyezep - c:\users\Gary\AppData\Roaming\Cyumn\antol.exe[/FONT]
[FONT=Courier New]SafeBoot-21077156.sys[/FONT]
[FONT=Courier New]SafeBoot-42131801.sys[/FONT]
[FONT=Courier New]SafeBoot-43011556.sys[/FONT]
[FONT=Courier New]Toolbar-Locked - (no file)[/FONT]
[FONT=Courier New]WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)[/FONT]
[FONT=Courier New]WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)[/FONT]
[FONT=Courier New]HKLM-Run-SynTPEnh - c:\games\Synaptics\SynTP\SynTPEnh.exe[/FONT]
[FONT=Courier New]AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe[/FONT]
[FONT=Courier New]AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Gary\AppData\Roaming\Macromedia\Flash Player\[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]--------------------- LOCKED REGISTRY KEYS ---------------------[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}][/FONT]
[FONT=Courier New]@Denied: (A 2) (Everyone)[/FONT]
[FONT=Courier New]@="FlashBroker"[/FONT]
[FONT=Courier New]"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation][/FONT]
[FONT=Courier New]"Enabled"=dword:00000001[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32][/FONT]
[FONT=Courier New]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib][/FONT]
[FONT=Courier New]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}][/FONT]
[FONT=Courier New]@Denied: (A 2) (Everyone)[/FONT]
[FONT=Courier New]@="Shockwave Flash Object"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32][/FONT]
[FONT=Courier New]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"[/FONT]
[FONT=Courier New]"ThreadingModel"="Apartment"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus][/FONT]
[FONT=Courier New]@="0"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID][/FONT]
[FONT=Courier New]@="ShockwaveFlash.ShockwaveFlash.11"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32][/FONT]
[FONT=Courier New]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib][/FONT]
[FONT=Courier New]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version][/FONT]
[FONT=Courier New]@="1.0"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID][/FONT]
[FONT=Courier New]@="ShockwaveFlash.ShockwaveFlash"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}][/FONT]
[FONT=Courier New]@Denied: (A 2) (Everyone)[/FONT]
[FONT=Courier New]@="Macromedia Flash Factory Object"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32][/FONT]
[FONT=Courier New]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"[/FONT]
[FONT=Courier New]"ThreadingModel"="Apartment"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID][/FONT]
[FONT=Courier New]@="FlashFactory.FlashFactory.1"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32][/FONT]
[FONT=Courier New]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib][/FONT]
[FONT=Courier New]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version][/FONT]
[FONT=Courier New]@="1.0"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID][/FONT]
[FONT=Courier New]@="FlashFactory.FlashFactory"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}][/FONT]
[FONT=Courier New]@Denied: (A 2) (Everyone)[/FONT]
[FONT=Courier New]@="IFlashBroker4"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32][/FONT]
[FONT=Courier New]@="{00020424-0000-0000-C000-000000000046}"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib][/FONT]
[FONT=Courier New]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]
[FONT=Courier New]"Version"="1.0"[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings][/FONT]
[FONT=Courier New]@Denied: (A) (Users)[/FONT]
[FONT=Courier New]@Denied: (A) (Everyone)[/FONT]
[FONT=Courier New]@Allowed: (B 1 2 3 4 5) (S-1-5-20)[/FONT]
[FONT=Courier New]"BlindDial"=dword:00000000[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security][/FONT]
[FONT=Courier New]@Denied: (Full) (Everyone)[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]------------------------ Other Running Processes ------------------------[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[/FONT]
[FONT=Courier New]c:\windows\SysWOW64\vmnat.exe[/FONT]
[FONT=Courier New]c:\program files (x86)\VMware\VMware Player\vmware-authd.exe[/FONT]
[FONT=Courier New]c:\windows\SysWOW64\vmnetdhcp.exe[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]**************************************************************************[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]Completion time: 2012-05-10 21:44:37 - machine was rebooted[/FONT]
[FONT=Courier New]ComboFix-quarantined-files.txt 2012-05-11 01:44[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]Pre-Run: 162,983,120,896 bytes free[/FONT]
[FONT=Courier New]Post-Run: 162,400,514,048 bytes free[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]- - End Of File - - 585CF697A94B3C4734FD15ABB2DBC594[/FONT]
 
Please follow the directions in the Eset scan:

  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button, then Finish

Run the scan again please and follow the directions.

Also pay attention to the line that says:
Uncheck 'Remove found threats'
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code:
File::
 c:\windows\system32\dds_trash_log.cmd
Folder::
c:\users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}
c:\users\Gary\AppData\Roaming\Edudy
c:\users\Gary\AppData\Roaming\Irdeg
c:\users\Gary\AppData\Roaming\Osnyw
c:\users\Gary\AppData\Local\Search
c:\users\Gary\AppData\Roaming\Veyba
c:\users\Gary\AppData\Local\Bugsplat
c:\users\Gary\AppData\Local\CRE
c:\users\Gary\AppData\Local\Conduit
DDS::
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [Wywefyezep] C:\Users\Gary\AppData\Roaming\Cyumn\antol.exe
uRun: [onhfg] rundll32.exe "C:\Users\Gary\AppData\Local\Temp\onhfg.dll",GetImageFormatAttribute
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-"
Clearjavacache::
Resethostfiles::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
Directions for Combofix> Please read all scan directions carefully:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
* Click START> then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

You had Combofix from 2009 loading from the registry: c:\combofix\CF7932.3XE" [2009-07-14 344576]
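The DDS:: section of the CFScript above lists the two indicator classes that drove this thread's symptoms: autorun entries that launch a binary out of AppData or Temp, and hosts-file lines that point analytics and ad hostnames at outside addresses (the Resethostfiles:: directive undoes the latter). The triage script below is an added example, not DDS or ComboFix code; the function names and the USER_WRITABLE_MARKERS heuristic are my own, and the sample lines are constructed in DDS's output format, modelled on the entries quoted in the script, with a QuickTime autorun and a localhost entry included as benign controls.

```python
"""Triage of DDS-style autorun and hosts-file lines (added example, not DDS/ComboFix code)."""
import ipaddress
import re
from typing import List, Tuple

# Constructed sample lines in DDS's format, modelled on the entries quoted in
# the CFScript; the QuickTime and localhost lines are benign controls.
SAMPLE_DDS_LINES = [
    r"uRun: [Wywefyezep] C:\Users\Gary\AppData\Roaming\Cyumn\antol.exe",
    r'uRun: [onhfg] rundll32.exe "C:\Users\Gary\AppData\Local\Temp\onhfg.dll",GetImageFormatAttribute',
    r"mRun: [QuickTime Task] c:\program files (x86)\QuickTime\QTTask.exe",
    "Hosts: 93.115.241.27 www.google-analytics.com.",
    "Hosts: 127.0.0.1 localhost",
    "Hosts: 108.163.215.51 ad-emea.doubleclick.net.",
]

# Heuristic (my assumption, not a DDS rule): directories a standard user can
# write to. An autorun pointing here is not proof of malware, but legitimate
# installers rarely place their startup binary there.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# DDS prefixes Run entries with u (user), m (machine) or d (default user).
RUN_RE = re.compile(r"^[umd]Run(?:Once)?(?:-x64)?: \[([^\]]+)\] (.*)$", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)", re.IGNORECASE)
# A Windows path ending in an executable-type extension, anywhere in a command line,
# so the DLL handed to rundll32.exe is picked up as well as a bare .exe.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|,]+?\.(?:exe|dll|sys|cmd|bat|scr|vbs|js)\b', re.IGNORECASE)

Finding = Tuple[str, str, str]  # (kind, autorun name or hostname, reason)


def user_writable(path: str) -> bool:
    """True if the path sits under a directory an unprivileged user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage_run(line: str) -> List[Finding]:
    """Flag an autorun entry whose command loads a binary from a user-writable directory."""
    match = RUN_RE.match(line)
    if not match:
        return []
    name, command = match.group(1), match.group(2)
    suspicious = [p for p in PATH_RE.findall(command) if user_writable(p)]
    return [("autorun", name, f"loads {p} from a user-writable directory") for p in suspicious]


def triage_hosts(line: str) -> List[Finding]:
    """Flag a hosts entry that maps a name to anything other than a loopback or unspecified address."""
    match = HOSTS_RE.match(line)
    if not match:
        return []
    ip_text, host = match.group(1), match.group(2).rstrip(".")
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return [("hosts", host, f"unparseable address {ip_text!r}")]
    if ip.is_loopback or ip.is_unspecified:
        return []  # 127.0.0.1, ::1 and 0.0.0.0 are the normal local or blocking entries
    return [("hosts", host, f"redirected to {ip}")]


def triage(lines: List[str]) -> List[Finding]:
    """Run both checks over a list of DDS lines and return the findings in input order."""
    findings: List[Finding] = []
    for line in lines:
        findings.extend(triage_run(line))
        findings.extend(triage_hosts(line))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_DDS_LINES):
        print(f"{kind:8} {name:28} {reason}")
```

On the sample, the two AppData/Temp autoruns and the two redirected hostnames are reported and the two controls are not. The hosts check deliberately treats 0.0.0.0 and loopback as benign because ad-blocking hosts files use exactly those; anything else mapped onto a public hostname is worth a look even when the address is unfamiliar.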
 
Please follow the directions in the Eset scan:



Run the scan again please and follow the directions.

Also pay attention to the line that says:
I will try the scan again. I did follow every instruction, but there was no option to "export of text file." I will see if it happens again.
Thanks
 
I also didn't know Combofix was on here....I bought it supposedly "new" from Best Buy in 2010! haha...

ComboFix 12-05-11.03 - Gary 05/11/2012 21:07:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2747 [GMT -4:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
Command switches used :: c:\users\Gary\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}
c:\users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}\chrome.manifest
c:\users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul
c:\users\Gary\AppData\Local\{0046A5D1-9587-11E1-826D-B8AC6F996F26}\install.rdf
c:\users\Gary\AppData\Local\Bugsplat
c:\users\Gary\AppData\Local\Bugsplat\hdvzefhn.dll
c:\users\Gary\AppData\Local\Conduit
c:\users\Gary\AppData\Local\CRE
c:\users\Gary\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
c:\users\Gary\AppData\Local\Search
c:\users\Gary\AppData\Local\Search\SearchGatherer.exe
c:\users\Gary\AppData\Roaming\Edudy
c:\users\Gary\AppData\Roaming\Irdeg
c:\users\Gary\AppData\Roaming\Irdeg\nizu.sik
c:\users\Gary\AppData\Roaming\Osnyw
c:\users\Gary\AppData\Roaming\Osnyw\byko.uhu
c:\users\Gary\AppData\Roaming\Veyba
c:\users\Gary\AppData\Roaming\Veyba\biyl.tmp
c:\users\Gary\AppData\Roaming\Veyba\biyl.zit
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 01:15 . 2012-05-12 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 08:43 . 2012-05-12 01:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9F4A2A4-6223-4BAA-8822-4F9CBDFF48D3}\offreg.dll
2012-05-11 08:42 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9F4A2A4-6223-4BAA-8822-4F9CBDFF48D3}\mpengine.dll
2012-05-11 07:25 . 2012-05-11 07:25 -------- d-----w- c:\games\Reference Assemblies
2012-05-10 21:41 . 2012-05-10 21:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-10 21:40 . 2012-05-10 21:40 -------- d-----w- c:\games\Windows Journal
2012-05-10 21:17 . 2012-05-11 00:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-10 15:58 . 2012-03-03 06:42 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 15:58 . 2012-03-03 06:41 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 15:58 . 2012-03-03 05:32 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 15:58 . 2012-03-03 06:41 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 15:58 . 2012-03-03 06:41 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 15:58 . 2012-03-03 06:41 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 15:58 . 2012-03-03 05:31 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 15:58 . 2012-03-03 05:31 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 15:58 . 2012-03-03 05:31 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 15:58 . 2012-03-03 05:31 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 15:22 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:22 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 15:22 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 15:22 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 15:22 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 15:22 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 15:22 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:22 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 02:32 . 2012-05-10 23:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-06 19:54 . 2012-05-06 19:54 -------- d-----w- c:\users\Gary\AppData\Roaming\Malwarebytes
2012-05-06 19:54 . 2012-05-06 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-05-06 19:54 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 15:38 . 2012-05-10 21:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-04 12:50 . 2012-05-04 13:12 -------- d-----w- c:\users\Gary\AppData\Roaming\mIRC
2012-05-03 21:57 . 2012-05-03 21:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-03 21:57 . 2012-05-03 21:57 -------- d-----w- c:\windows\system32\Macromed
2012-04-25 20:26 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-04-15 02:29 . 2012-04-15 02:29 -------- d-----w- c:\games\iPod
2012-04-15 02:29 . 2012-04-15 02:29 -------- d-----w- c:\games\iTunes
2012-04-13 07:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 07:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 07:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 07:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 07:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 07:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 07:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 18:54 . 2012-04-12 18:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 21:57 . 2011-06-27 01:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-01-09 17:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 06:27 . 2012-03-14 03:23 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 03:23 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 03:23 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 03:23 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 253088]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:57]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 13:24]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-21 13:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
penrendezvous
Invoker
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273611094545l03g4z175a48n2v23s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\fz1nryxo.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SearchGatherer - c:\users\Gary\AppData\Local\Search\SearchGatherer.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\games\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-11 21:18:40
ComboFix-quarantined-files.txt 2012-05-12 01:18
ComboFix2.txt 2012-05-11 01:44
.
Pre-Run: 163,552,804,864 bytes free
Post-Run: 163,642,789,888 bytes free
.
- - End Of File - - BF22335B0CC15FF3774EDC3A86F1A3C2
 
Eset log:
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\Qoobox\Quarantine\C\Users\Gary\AppData\Local\Search\SearchGatherer.exe.vir a variant of Win32/Kryptik.AFAX trojan
C:\TDSSKiller_Quarantine\10.05.2012_17.15.53\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\10.05.2012_20.24.49\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\Users\Gary\Documents\46b3a55e.exe Win32/Sirefef.DB trojan
C:\Users\Gary\Downloads\Misc\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan
C:\Users\Public\Pictures\info\cnet2_IPChanger20Eng_exe.exe a variant of Win32/InstallCore.D application
 
How did you get the Eset log? I was going to have you use a run command to find it.

I also didn't know Combofix was on here....I bought it supposedly "new" from best buy in 2010! haha...
Refurbished maybe, but not new. And Combofix has to be deliberately installed! It's not a pre-installed program and it should only be used when directed and with guidance. You got ripped off!
You still have active Win32/Sirefef. And you also have torentz downloads. Please run the following:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files
    [FONT=Courier New]C:\TDSSKiller_Quarantine\10.05.2012_17.15.53\zaea0000\svc0000\tsk0000.dta [/FONT]
    [FONT=Courier New]C:\TDSSKiller_Quarantine\10.05.2012_20.24.49\zaea0000\svc0000\tsk0000.dta [/FONT]
    [FONT=Courier New]C:\Users\Gary\Documents\46b3a55e.exe [/FONT]
    [FONT=Courier New]C:\Users\Gary\Downloads\Misc\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED [URL='http://www.torentz.3xforum.ro%5cthe/']www.torentz.3xforum.ro\The[/URL] Sims 3 - Razor1911 MAXSPEED [URL='http://www.torentz.3xforum.ro.iso/']www.torentz.3xforum.ro.iso[/URL] [/FONT]
    [FONT=Courier New]C:\Users\Public\Pictures\info\cnet2_IPChanger20Eng_exe.exe [/FONT]
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================

Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Are you still being redirected?
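The OTM script block above is wrapped in literal [FONT] and [URL] BBCode, which is exactly what OTM rejects with "Unable to interpret <...> in the current context!". As an added example (not from the thread and not part of OTMoveIt), this Python function strips that residue from a pasted script and flags any :Files line that is not an absolute Windows path or any :Commands line outside the four directives the helper used; the sample script and its paths are constructed placeholders.

```python
"""Pre-check an OTMoveIt (OTM) script pasted from a forum post.

Added example, not part of the thread or of OTMoveIt. It removes BBCode
residue ([FONT=...], [/FONT], [URL='...'], [/URL]) and reports lines OTM
would be unlikely to interpret before anything is pasted into the tool.
"""
import re

# BBCode tags as they appear when a forum shows them literally inside a Code: block.
BBCODE_TAG = re.compile(r"\[/?(?:FONT|URL|COLOR|SIZE)(?:=[^\]]*)?\]", re.IGNORECASE)
# Absolute Windows path: drive letter, colon, backslash, then no NTFS-illegal chars.
WIN_ABS_PATH = re.compile(r"^[A-Za-z]:\\[^<>\"|?*]+$")
# Assumption: only the directives used in the thread are accepted here.
KNOWN_COMMANDS = {"[purity]", "[emptytemp]", "[start explorer]", "[reboot]"}


def clean_otm_script(text):
    """Return (cleaned_script, problems) for a pasted OTM script."""
    section = None
    cleaned, problems = [], []
    for raw in text.splitlines():
        line = BBCODE_TAG.sub("", raw).strip()   # drop tags, then trailing spaces
        if not line:
            continue
        if line.startswith(":"):                 # ":Files" / ":Commands" headers
            section = line.lower()
            cleaned.append(line)
            continue
        if section == ":files":
            if not WIN_ABS_PATH.match(line):
                problems.append(f"not an absolute Windows path: {line!r}")
        elif section == ":commands":
            if line.lower() not in KNOWN_COMMANDS:
                problems.append(f"unknown command: {line!r}")
        else:
            problems.append(f"line outside any section: {line!r}")
        cleaned.append(line)
    return "\n".join(cleaned), problems


# Constructed sample shaped like the block in the thread (placeholder paths).
SAMPLE = """:Files
[FONT=Courier New]C:\\Quarantine\\sample\\tsk0000.dta [/FONT]
[FONT=Courier New]C:\\Users\\example\\Documents\\deadbeef.exe [/FONT]
[FONT=Courier New]C:\\Users\\example\\Downloads\\Game [URL='http://example.invalid/']www.example.invalid\\The[/URL] Game.iso [/FONT]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

if __name__ == "__main__":
    script, issues = clean_otm_script(SAMPLE)
    print(script)
    print("problems:", issues)
```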
 
I ran Eset in Internet Explorer and it worked just fine...I was using Opera before...I think that was the problem. And damn, I guess I really did get ripped off! How the heck do you like that...
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\gateway games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files (x86)\gateway games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files (x86)\gateway games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files (x86)\gateway games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files (x86)\gateway games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
c:\program files (x86)\gateway games\bejeweled 2 deluxe\wtmui_zh-cn\sounds\firecrackle.ogg
c:\users\gary\desktop\rosetta stone 3.4.7\crack\readme.txt
c:\users\gary\desktop\rosetta stone 3.4.7\crack\rosettastoneversion3.exe
c:\users\gary\downloads\misc\rosetta stone 3.4.7\crack\readme.txt
c:\users\gary\downloads\misc\rosetta stone 3.4.7\crack\rosettastoneversion3.exe
c:\users\gary\downloads\misc\the sims 3 - razor1911 final maxspeed\crack\ts3.exe
c:\users\gary\downloads\misc\the sims 3 - razor1911 final maxspeed\crack\tslhost.dll
scanner sequence 3.GE.11.WJAPFX
 ----- EOF ----- 
Here are the OTM logs...I was having an issue with it and ran it a few times...I followed your directions and received an error that it didn't understand the [FONT] and only accepted numerical entries...so I'm not sure what was accomplished through the runs. Here they are in order:
All processes killed
Error: Unable to interpret <C:\TDSSKiller_Quarantine\10.05.2012_17.15.53\zaea0000\svc0000\tsk0000.dta > in the current context!
Error: Unable to interpret <C:\TDSSKiller_Quarantine\10.05.2012_20.24.49\zaea0000\svc0000\tsk0000.dta > in the current context!
Error: Unable to interpret <C:\Users\Gary\Documents\46b3a55e.exe> in the current context!
Error: Unable to interpret <C:\Users\Gary\Downloads\Misc\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso> in the current context!
Error: Unable to interpret <C:\Users\Public\Pictures\info\cnet2_IPChanger20Eng_exe.exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gary
->Temp folder emptied: 304289 bytes
->Temporary Internet Files folder emptied: 182674 bytes
->Java cache emptied: 19981 bytes
->FireFox cache emptied: 43442916 bytes
->Opera cache emptied: 11754132 bytes
->Flash cache emptied: 5102 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20138 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67362 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 05142012_165028

Files moved on Reboot...
C:\Users\Gary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM-3025780237\vmware-usbarb-SYSTEM-1504.log moved successfully.

Registry entries deleted on Reboot...


Files moved on Reboot...
C:\Users\Gary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTM by OldTimer - Version 3.1.19.0 log created on 05142012_165447
 
I've restarted and done a few searches on Google and have not come across a redirect yet! The OTM file you had actually redirected me, so I had to initially save linked content as to be able to use it...and it goes right through now!
 
c:\users\gary\desktop\rosetta stone 3.4.7\crack\readme.txt
c:\users\gary\desktop\rosetta stone 3.4.7\crack\rosettastoneversion3.exe
c:\users\gary\downloads\misc\rosetta stone 3.4.7\crack\readme.txt
c:\users\gary\downloads\misc\rosetta stone 3.4.7\crack\rosettastoneversion3.exe
c:\users\gary\downloads\misc\the sims 3 - razor1911 final maxspeed\crack\ts3.exe
c:\users\gary\downloads\misc\the sims 3 - razor1911 final maxspeed\crack\tslhost.dll
 