TechSpot

Google redirect issue

By spizzie
Sep 5, 2011
  1. Okay so I am new to this forum, and I have a very urgent problem with my google always redirecting me to these random websites with searches that I have never even see before!
    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xF2 0x60 0x16 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x6D 0x9D 0x57 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA1 0xCC 0x06 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x71 0xC1 0x9C 0xB0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}@LeaseObtainedTime 1315241934
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}@T1 1331009934
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}@T2 1342835934
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}@LeaseTerminatesTime 1346777934
    Reg HKLM\SYSTEM\CurrentControlSet\services\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}\Parameters\Tcpip@LeaseObtainedTime 1315241934
    Reg HKLM\SYSTEM\CurrentControlSet\services\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}\Parameters\Tcpip@T1 1331009934
    Reg HKLM\SYSTEM\CurrentControlSet\services\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}\Parameters\Tcpip@T2 1342835934
    Reg HKLM\SYSTEM\CurrentControlSet\services\{95455BD8-4B78-4F2E-BA01-9B4533C20B1F}\Parameters\Tcpip@LeaseTerminatesTime 1346777934
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xF2 0x60 0x16 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x6D 0x9D 0x57 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA1 0xCC 0x06 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x71 0xC1 0x9C 0xB0 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8759E5DC-5B70-61CA-1DE2-53578A5174D8}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F36E8851-4B4B-E30E-051B-F58BDA45BBA6}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F36E8851-4B4B-E30E-051B-F58BDA45BBA6}@oaailccogpdienmmkmdbilibnmgnhf 0x69 0x61 0x65 0x68 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F36E8851-4B4B-E30E-051B-F58BDA45BBA6}@pagikifnnofmipdbbcoecjkidfpemcib 0x69 0x61 0x65 0x68 ...

    ---- Files - GMER 1.0.15 ----

    Edit to delete inappropriate files

    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0
    Run by adrian at 13:58:41 on 2011-09-05
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2310 [GMT -4:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gacela\Gacela-Reporting.exe
    C:\Program Files (x86)\Gacela\Gacela-Updater.exe
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Users\adrian\AppData\Local\MediaGet2\mediaget.exe
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.ask.com/?l=dis&o=15179
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4300&r=17360710c100p0437y155k45j1r292
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Gacela: {4beea052-726d-4a6e-b65d-a6bd07c263f3} - C:\Program Files (x86)\Gacela\Gacela2.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - C:\Program Files (x86)\Shop to Win 4\ShoppingBHO.dll
    BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Drop Down Deals\YontooIEClient.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Gacela: {5f6e2508-41c4-4d4b-8ac3-d7ed6e4eb2ae} - C:\Program Files (x86)\Gacela\Gacela2.dll
    TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    EB: Gacela: {4a62fac4-1670-430b-8c6b-9c7b53f51798} - C:\Program Files (x86)\Gacela\Gacela2.dll
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [MediaGet2] C:\Users\adrian\AppData\Local\MediaGet2\mediaget.exe --minimized
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
    mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    StartupFolder: C:\Users\adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuneScapeQuickLoader.jar
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - C:\Program Files (x86)\Gacela\Gacela2.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{B6652785-8AE5-4A00-8B10-BCAA791D1B10} : DhcpNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{B6652785-8AE5-4A00-8B10-BCAA791D1B10}\16A716 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{B6652785-8AE5-4A00-8B10-BCAA791D1B10}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{B6652785-8AE5-4A00-8B10-BCAA791D1B10}\E4544574541425 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CA7B2087-CDEA-4F57-B2CC-4611877A9F9F} : DhcpNameServer = 10.13.0.1 10.13.0.2
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: {1E5GECL5-60XY-1LDH-0QP0-UICN1152PEOW} - C:\Windows\Windows\svchost.exe Restart
    mASetup: {BEBCABB9-FED3-3BEF-1DDD-C9DEFD0AF2AE} - C:\Users\adrian\AppData\Roaming\bot.exe
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    BHO-X64: MediaBar - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Gacela: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\Gacela2.dll
    BHO-X64: Gacela2 - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\ShoppingBHO.dll
    BHO-X64: Freecause Shopping BHO - No File
    BHO-X64: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
    BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
    BHO-X64: MediaBar - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Drop Down Deals\YontooIEClient.dll
    BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB-X64: Gacela: {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\Gacela\Gacela2.dll
    TB-X64: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    EB-X64: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - No File
    mRun-x64: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-12 1151096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110902.030\IDSviA64.sys [2011-9-2 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 Gacela-Reporting-Service;Gacela-Reporting-Service;C:\Program Files (x86)\Gacela\Gacela-Reporting.exe [2011-1-24 102400]
    R2 Gacela-Update-Service;Gacela-Update-Service;C:\Program Files (x86)\Gacela\Gacela-Updater.exe [2011-1-24 180224]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-7 366640]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [2011-9-4 130008]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-12 243232]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-4 136824]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-30 135664]
    S2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-30 135664]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-09-04 23:34:53 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-09-04 13:25:42 912504 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symefa64.sys
    2011-09-04 13:25:42 450680 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symds64.sys
    2011-09-04 13:25:42 40568 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\srtspx64.sys
    2011-09-04 13:25:42 386168 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symnets.sys
    2011-09-04 13:25:41 744568 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\srtsp64.sys
    2011-09-04 13:25:41 171128 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\ironx64.sys
    2011-09-04 13:25:22 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1206000.01D
    2011-09-04 05:57:24 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-09-04 05:57:24 -------- d-----w- C:\Program Files\Symantec
    2011-09-04 05:57:24 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-09-04 05:57:02 -------- d-----w- C:\Windows\System32\drivers\NAVx64
    2011-09-04 05:57:00 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2011-09-04 05:56:46 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-09-04 05:43:29 -------- d-----w- C:\Windows\SysWow64\Norton Antivirus
    2011-09-04 05:42:07 -------- d-----w- C:\ProgramData\Premium
    2011-09-04 05:42:07 -------- d-----w- C:\ProgramData\InstallMate
    2011-09-04 05:32:57 640896 ----a-w- C:\Windows\System32\winload.efi
    2011-09-04 05:24:53 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7ADF1CA-EE89-4A30-9266-ACAB5CC4C463}\mpengine.dll
    2011-09-03 06:27:29 -------- d-----w- C:\Program Files (x86)\JonDo
    2011-09-02 22:22:34 -------- d-----w- C:\gamigo
    2011-09-02 22:22:34 -------- d-----w- \gamigo
    2011-09-02 21:10:55 -------- d-----w- C:\Users\adrian\AppData\Local\PMB Files
    2011-09-02 20:54:26 -------- d-----we C:\Windows\system64
    2011-09-02 20:11:58 -------- d-----w- C:\Windows\SysWow64\Cinema 4d
    2011-09-02 19:51:36 -------- d-----w- C:\Windows\SysWow64\The Carter IV
    2011-08-31 03:34:21 -------- d-----w- C:\Users\adrian\.minecraft
    2011-08-31 01:50:11 -------- d-----w- C:\Users\adrian\AppData\Local\TechSmith
    2011-08-30 00:19:17 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2011-08-29 22:36:12 -------- d-----w- C:\Windows\SysWow64\Antares Vocal Kit
    2011-08-29 17:09:28 120296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npganymedenet.dll
    2011-08-29 14:50:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-28 18:10:11 -------- d-----w- C:\Windows\SysWow64\Empire Earth
    2011-08-28 18:02:48 -------- d-----w- C:\Windows\SysWow64\Empire Earth II
    2011-08-28 15:53:31 -------- d-----w- C:\Users\adrian\AppData\Local\Facebook
    2011-08-28 15:12:40 -------- d-----w- C:\Windows\SysWow64\Bad Teacher
    2011-08-26 00:09:22 -------- d-----w- C:\Windows\SysWow64\Starcraft
    2011-08-21 21:27:14 -------- d-----w- C:\Windows\SysWow64\AOE II
    2011-08-21 21:20:52 -------- d-----w- C:\Windows\SysWow64\Settlers VI
    2011-08-21 05:03:16 -------- d-----w- C:\Users\adrian\AppData\Local\Pinnacle
    2011-08-20 22:52:19 -------- d-----w- C:\Windows\SysWow64\Need For Speed Underground
    2011-08-20 22:46:49 -------- d-----w- C:\Program Files (x86)\uTorrent
    2011-08-20 22:46:29 -------- d-----w- C:\Users\adrian\AppData\Local\uTorrent
    2011-08-20 06:45:58 -------- d-----w- C:\Program Files (x86)\EpicBot
    .
    ==================== Find3M ====================
    .
    2011-08-22 03:16:40 48 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
    2011-08-14 00:45:29 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-08-14 00:22:45 60979 ----a-w- C:\adrian3SQLite3.dll
    2011-08-14 00:22:45 60979 ----a-w- \adrian3SQLite3.dll
    2011-08-13 04:24:26 627600 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-08-07 15:15:38 819729 ----a-w- C:\Windows\SysWow64\mrvcl32.exe
    2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 13:59:38.76 ===============
    ==== System Restore Points ===================
    .
    RP384: 8/28/2011 7:00:13 PM - Windows Backup
    RP385: 8/29/2011 8:18:29 PM - Installed LogMeIn Hamachi
    RP386: 9/2/2011 6:22:08 PM - Installed King of Kings 3.
    RP387: 9/4/2011 12:49:48 AM - Restore Operation
    RP388: 9/4/2011 1:19:38 AM - Removed Fliptoast
    RP389: 9/4/2011 1:24:41 AM - Windows Update
    RP391: 9/4/2011 8:52:43 AM - Removed Facebook Video Calling 1.0.0.8177
    RP390: 9/4/2011 8:52:43 AM - Windows Update
    RP392: 9/4/2011 8:56:08 AM - Removed Facebook Video Calling 1.0.0.8177
    RP393: 9/4/2011 9:19:15 AM - Configured Age of Empires III - The Asian Dynasties
    RP394: 9/4/2011 7:07:38 PM - Installed DirectX
    RP395: 9/4/2011 7:23:57 PM - Windows Backup
    RP397: 9/4/2011 7:51:34 PM - Removed Safari
    RP399: 9/5/2011 3:00:41 AM - Windows Update


    (Please help me, I am not very great with computers D: )
     
  2. spizzie

    spizzie TS Rookie Topic Starter

    One more thing

    If you need me to post ANYTHING at all, just tell me and I will do so. I am not very excelled in computers so I don't know so great exactly what I should post. Thank you again for every bit of help you give me! :)
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I will welcome you to this forum but let you know at the same time that we do not accept content such as what was showing at the end of Combofix.r I would also like to make you aware that everyone who posts here thinks their problem is urgent! Your logs will be reviewed in time.

    Please repost these logs intact>> that is from the beginning to the end. Put all log content together> If you need more space, you can make another post in this thread.

    Repost GMER and do not make any additions to it
    DDS has 2 logs: one named DDS.txt, the other named Attach.txt. Both get pasted into the reply> Do not zip the Attach.txt log- that is only it's name.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This system is not secure.

    Did you have any antivirus on the system before installing C:\Program Files\Symantec on 9/4?

    There is no other security on the system.

    You are using several files sharing programs including Bearshare Media Bar, uTorrent and uTorrent toolbar.

    Unless you get some security, there is no point in trying to clean it.
     
  5. spizzie

    spizzie TS Rookie Topic Starter

    Yes, you have my word :)

    The only kind of security I have is malware, and the norton is on the 118 days left. Please tell me what you think I should do as this is really frustrating me and school work is truthfully getting much harder :(
     
  6. spizzie

    spizzie TS Rookie Topic Starter

    No I didn't have any security then ! :X

    I didn't have any security then, I had recently gotten norton though because I figured it might help the problem, but it didn't :X
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you want to pursue this, please uninstall the file sharing program:
    Bearshare Media Bar, uTorrent and uTorrent toolbar.

    =====================================
    Put all or most of the following on the system:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus >> You have added Norton.
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm

      [*]Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy

      [*]Updates: Stay current:
      [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.

      [*]Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.

      [*]Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner
      [o] ATF Cleaner by Atribune
      [*]Restore Points:
      [o]See System Restore Guide
      [*] Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

    ===============================================

    [​IMG]
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    Run the following online virus scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =============================================
    Run the following program:
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.

    Please leave the logs for the following in your next reply:
    Malwrebytes
    Eset online scanner
    CKScan
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...