iexplorer.exe infected help!



Cyxee
2011-11-01, 11:29
So I recently contracted malware called "System Restore"; it posed as a Windows application yet was asking for a payment to be made. After some googling I found a guide and followed it. It has been successful; however, I'm left with iexplorer.exe running 24/7 despite me not having Internet Explorer open.
A link to the guide I've used: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery. I followed their instructions and used all their tools and some others. These include MBAM, MS Security Essentials, a registry cleaner (my bad), Spybot and RKill (Bleeping Computer app). So the initial virus, which was a System Restore poser, has been eliminated; however, I now have iexplorer.exe on 24/7. Help please.

Another link containing info about the malware I contracted: http://www.spywareremovalhelp.org/spyware-removal-help/how-to-get-rid-of-fake-windows-restore-virus.html.

Any help would be appreciated; I'm pretty sure my iexplorer.exe is infected.

jeffce
2011-11-01, 14:29
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that... Let's get going!! :thumbup:
----------

Please download DDS from either of these links

LINK 1 (http://download.bleepingcomputer.com/sUBs/dds.com)
LINK 2 (http://download.bleepingcomputer.com/sUBs/dds.scr)

and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

GMER

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the logs created by DDS and GMER. :)

Cyxee
2011-11-01, 14:58
Hey, thanks for the help. Anyway, here's what you've requested :santa:
Other log should be attached to this message.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Steven at 23:43:27 on 2011-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6134.4057 [GMT 11:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com.au/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program files\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{145D26AA-2997-42BB-9E56-802EBB4619D7} : DhcpNameServer = 7.254.254.254
TCP: Interfaces\{18231C3B-8D00-4CBA-93DB-C293EAC62737} : DhcpNameServer = 10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-1-23 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-2-18 294912]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-7 1153368]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2228008]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-9-8 741224]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-2 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-5-5 8192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-2 136176]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-11-01 09:08:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3ADCF90-0D86-4DAA-836D-1E7B0F1CBE60}\offreg.dll
2011-11-01 08:23:11 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-01 08:23:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-01 06:07:35 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B6C6E8A-D5D1-4BE9-B4E8-0722790D0CCC}\gapaengine.dll
2011-11-01 06:07:29 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{838BD038-29AE-4ABF-9C98-6440C71D5D18}\mpengine.dll
2011-11-01 06:05:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-01 06:05:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-01 06:03:41 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3ADCF90-0D86-4DAA-836D-1E7B0F1CBE60}\mpengine.dll
2011-11-01 04:16:22 -------- d-----w- C:\Program Files\ATI
2011-10-30 11:35:03 -------- d-----w- C:\Program Files\CCleaner
2011-10-23 01:52:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-15 07:51:58 -------- d--h--w- C:\ProgramData\Common Files
2011-10-15 07:31:45 -------- d-----w- C:\ProgramData\MFAData
2011-10-15 07:31:10 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-14 04:31:22 -------- d-----w- C:\Program Files (x86)\Orcs Must Die!
2011-10-13 07:52:35 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 07:52:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 07:52:04 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 07:52:04 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 07:52:04 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 07:51:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 07:51:00 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 07:51:00 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 07:51:00 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-06 05:53:05 -------- d-----w- C:\Program Files (x86)\FIFA 12
.
==================== Find3M ====================
.
2011-10-31 12:14:19 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-31 12:14:19 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-31 10:47:37 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-30 05:06:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-25 09:53:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 00:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 00:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 00:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 00:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 00:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-11 04:11:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-11 04:11:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-24 10:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-08-24 10:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
============= FINISH: 23:51:13.43 ===============
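
An added triage helper (not part of this thread, DDS or any other tool named here) that pulls the "Pseudo HJT Report" section out of a DDS log like the one posted above and flags the items a helper looks at first: UAC policy values set away from their defaults, start pages not on a trusted list, and hosts-file entries. The sample input is a short excerpt modelled on the posted log; the Windows 7 default values and the trusted-host list are assumptions.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from typing import List, Tuple

# Constructed test input: an excerpt modelled on the DDS log posted in this thread.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mWinlogon: Userinit=userinit.exe,
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
"""

# Windows 7 defaults (assumed here) for the UAC values DDS reports as
# "mPolicies-system". Any of these at 0 means elevation prompts are weakened
# or UAC is switched off entirely, which malware can set and which a cleanup
# should restore.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 disables UAC completely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates administrators silently
    "PromptOnSecureDesktop": 1,       # 0 draws prompts on the normal desktop
}

# Start-page hosts considered benign for this machine (assumption).
TRUSTED_START_HOSTS = ("www.google.com.au",)

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# DDS writes "hxxp" instead of "http" so the URL is not clickable.
START_PAGE_RE = re.compile(r"^([um]Start Page)\s*=\s*hxxps?://([^/\s]+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")


def hjt_section(text: str) -> List[str]:
    """Return the lines of the Pseudo HJT section, without the '.' spacer lines."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("=") and "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("="):   # next section header ends it
            break
        if inside and line.strip() != ".":
            out.append(line)
    return out


def uac_findings(lines: List[str]) -> List[Tuple[str, int, int]]:
    """(name, observed, default) for every tracked UAC value that is non-default."""
    found = []
    for line in lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
            found.append((name, value, UAC_DEFAULTS[name]))
    return found


def suspicious_start_pages(lines: List[str]) -> List[Tuple[str, str]]:
    """(scope, host) for start pages whose host is not on the trusted list."""
    return [
        (m.group(1), m.group(2))
        for m in map(START_PAGE_RE.match, lines)
        if m and m.group(2) not in TRUSTED_START_HOSTS
    ]


def hosts_entries(lines: List[str]) -> List[Tuple[str, str]]:
    """(address, hostname) for every hosts-file override DDS reported.

    These need a human look: blocking tools add 127.0.0.1 entries as well,
    so presence alone is not proof of infection.
    """
    return [(m.group(1), m.group(2)) for m in map(HOSTS_RE.match, lines) if m]


if __name__ == "__main__":
    section = hjt_section(SAMPLE_DDS)
    for name, value, default in uac_findings(section):
        print(f"UAC weakened: {name}={value} (default {default})")
    for scope, host in suspicious_start_pages(section):
        print(f"Review start page: {scope} -> {host}")
    for addr, host in hosts_entries(section):
        print(f"Review hosts entry: {host} -> {addr}")
```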

Cyxee
2011-11-01, 15:41
Regarding the GMER instruction picture, everything except Services, Registry, Files, ADS and C:\ is greyed out. I cannot actually tick them; however, I continued with the scan anyway. It's attached.

jeffce
2011-11-01, 17:03
Hi Cyxee,

I see you are running a 64bit system. Please do the following...


Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Right click and Run as Administrator the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png)
----------

Cyxee
2011-11-01, 17:26
Here you go :laugh:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-02 02:05:34
-----------------------------
02:05:34.584 OS Version: Windows x64 6.1.7601 Service Pack 1
02:05:34.584 Number of processors: 8 586 0x1A05
02:05:34.585 ComputerName: STEVEN-PC UserName: Steven
02:05:36.516 Initialize success
02:10:12.923 AVAST engine defs: 11110102
02:10:16.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
02:10:16.607 Disk 0 Vendor: WDC_WD8088AADS-32L5B1 01.01A01 Size: 771416MB BusType: 3
02:10:16.615 Disk 0 MBR read successfully
02:10:16.617 Disk 0 MBR scan
02:10:16.621 Disk 0 Windows 7 default MBR code
02:10:16.624 Disk 0 MBR hidden
02:10:16.627 Service scanning
02:10:17.290 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:10:17.826 Modules scanning
02:10:17.830 Disk 0 trace - called modules:
02:10:17.834 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80066c8334]<<
02:10:17.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006608790]
02:10:17.843 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80063ad520]
02:10:17.849 5 ACPI.sys[fffff880011a67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80063c9680]
02:10:17.854 \Driver\atapi[0xfffffa800639b9e0] -> IRP_MJ_CREATE -> 0xfffffa80062462c0
02:10:19.956 AVAST engine scan C:\Windows
02:10:22.255 AVAST engine scan C:\Windows\system32
02:11:45.040 AVAST engine scan C:\Windows\system32\drivers
02:11:55.075 AVAST engine scan C:\Users\Steven
02:13:32.851 File: C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f **INFECTED** Win32:Rootkit-gen [Rtk]
02:20:00.105 AVAST engine scan C:\ProgramData
02:22:22.355 Scan finished successfully
02:23:50.642 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
02:23:50.645 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

jeffce
2011-11-01, 20:15
Hi Cyxee,

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Right-click and Run as Administrator TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Cyxee
2011-11-02, 04:33
Hi, I attached the log due to it exceeding the text boundary.

Cyxee
2011-11-02, 12:24
This malware is now starting to duplicate my emails and also redirecting me sometimes to other websites. It also resends me emails I've already received, lol, wtf? Anyway, hope you can help :P

jeffce
2011-11-02, 13:47
Hi Cyxee,

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

Cyxee
2011-11-02, 13:53
Hope this helps :P

ComboFix 09-09-20.01 - steven1 09/21/2009 16:41.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1483 [GMT 10:00]
Running from: d:\program files\Mozilla firefox\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1413d.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Frag great bend logo
2009-09-20 03:12 . 2009-09-20 03:13 -------- d-----w- c:\documents and settings\steven1\Application Data\Open Ooze
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\program files\Open Ooze
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\program files\Circle Develoement
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-19 06:09 . 2009-09-19 06:20 76580 ----a-w- c:\windows\War3Unin.dat
2009-09-19 06:09 . 2009-09-19 06:17 2829 ----a-w- c:\windows\War3Unin.pif
2009-09-19 06:09 . 2009-09-19 06:17 139264 ----a-w- c:\windows\War3Unin.exe
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\windows\system32\Futuremark
2009-09-16 06:10 . 2008-09-17 05:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-09-14 09:02 . 2009-09-14 09:02 -------- d-----w- c:\documents and settings\steven1\Application Data\DivX
2009-09-09 08:01 . 2009-09-09 08:09 -------- d-----w- c:\program files\RS2Bot
2009-09-09 08:01 . 2009-09-21 06:25 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-06 07:08 . 2009-09-16 06:12 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-06 07:08 . 2009-09-16 06:12 -------- d-----w- c:\documents and settings\steven1\Application Data\SystemRequirementsLab
2009-09-06 07:01 . 2009-09-20 22:25 253400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-06 06:37 . 2009-09-06 08:21 -------- d-----w- c:\documents and settings\steven1\Local Settings\Application Data\Rockstar Games
2009-09-06 06:33 . 2009-09-06 06:33 -------- d-----w- c:\windows\ServicePackFiles
2009-09-06 06:23 . 2009-09-06 06:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-06 06:18 . 2009-09-06 06:18 -------- d-----w- c:\windows\system32\xlive
2009-09-06 06:18 . 2009-09-06 06:50 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-06 05:13 . 2009-09-06 05:13 -------- d-----w- c:\program files\MSBuild
2009-09-04 09:11 . 2009-09-04 09:11 -------- d-----w- c:\documents and settings\steven1\Local Settings\Application Data\Oblivion
2009-09-03 06:15 . 2009-09-19 05:30 45 ----a-w- c:\documents and settings\steven1\jagex_runescape_preferences2.dat
2009-08-30 13:16 . 2009-08-30 13:24 -------- d-----w- C:\OutputFolder
2009-08-30 13:15 . 2007-04-12 04:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-08-30 13:15 . 2006-09-26 03:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-08-30 13:15 . 2009-08-31 08:47 -------- d-----w- c:\program files\Allok MPEG4 Converter
2009-08-30 10:15 . 2009-08-30 10:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-30 10:15 . 2009-08-30 10:15 -------- d-----w- c:\program files\Common Files\Real
2009-08-30 10:15 . 2009-08-30 10:15 -------- d-----w- c:\program files\Real
2009-08-29 10:13 . 2009-08-29 10:13 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-08-29 10:13 . 2009-08-29 10:13 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 06:04 . 2008-04-08 13:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 12:55 . 2009-08-12 05:54 23 ----a-w- c:\windows\popcinfot.dat
2009-09-19 14:30 . 2009-07-09 07:23 -------- d-----w- c:\documents and settings\steven1\Application Data\uTorrent
2009-09-19 11:13 . 2009-07-09 12:02 -------- d-----w- c:\program files\Garena
2009-09-19 06:03 . 2009-07-24 07:06 37 ----a-w- c:\documents and settings\steven1\jagex_runescape_preferences.dat
2009-09-16 06:10 . 2008-04-08 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 10:27 . 2009-07-08 05:42 72696 ----a-w- c:\documents and settings\steven1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 14:26 . 2009-07-10 10:28 -------- d-----w- c:\documents and settings\steven1\Application Data\LimeWire
2009-09-02 21:56 . 2008-04-08 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-02 06:52 . 2008-04-08 13:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 11:03 . 2009-07-10 10:27 -------- d-----w- c:\program files\LimeWire
2009-08-26 08:20 . 2009-07-24 07:17 -------- d-----w- c:\program files\Java
2009-08-18 12:30 . 2009-08-18 12:30 -------- d-----w- c:\program files\IVT Corporation
2009-08-18 11:56 . 2009-08-18 11:56 28760 ----a-w- c:\windows\system32\BsTrace1.dll
2009-08-18 10:43 . 2009-08-18 10:43 -------- d-----w- c:\program files\DIFX
2009-08-18 10:43 . 2009-08-18 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-08-16 17:04 . 2009-08-16 17:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-16 17:04 . 2009-08-16 17:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-16 17:03 . 2009-08-16 17:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-16 17:03 . 2009-08-16 17:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-16 17:03 . 2009-08-16 17:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-16 17:03 . 2009-08-16 17:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-16 17:03 . 2009-08-16 17:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-16 17:03 . 2009-08-16 17:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-16 17:03 . 2009-08-16 17:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-16 17:03 . 2009-08-16 17:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-16 17:03 . 2009-08-16 17:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-16 17:03 . 2009-08-16 17:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-16 17:02 . 2009-08-16 17:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 14:57 . 2009-06-09 20:03 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 14:57 . 2009-06-09 20:03 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 14:57 . 2009-06-09 20:03 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 14:57 . 2009-06-09 20:03 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 14:57 . 2008-04-08 12:43 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 14:57 . 2008-04-08 12:43 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 14:57 . 2008-04-08 12:43 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 14:57 . 2008-04-08 12:43 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 14:57 . 2008-04-08 12:43 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 14:57 . 2008-04-08 12:43 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 14:57 . 2008-04-08 12:43 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-15 11:42 . 2009-08-15 11:42 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 11:39 . 2009-08-15 11:39 -------- d--h--r- c:\documents and settings\steven1\Application Data\SecuROM
2009-08-13 11:37 . 2009-08-13 11:26 -------- d-----w- c:\documents and settings\steven1\Application Data\TeamViewer
2009-08-13 11:33 . 2009-08-13 11:33 -------- d-----w- c:\program files\TeamViewer
2009-08-13 09:56 . 2009-08-13 09:56 -------- d-----w- c:\documents and settings\steven1\Application Data\com.adobe.ExMan
2009-08-13 06:08 . 2009-08-13 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-13 05:59 . 2009-08-13 05:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-12 22:23 . 2009-07-31 06:15 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-12 22:23 . 2009-07-31 06:15 -------- d-----w- c:\program files\TortoiseSVN
2009-08-11 02:35 . 2009-07-10 12:03 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-09 03:41 . 2009-07-11 03:02 -------- d-----w- c:\documents and settings\steven1\Application Data\Auslogics
2009-08-07 09:51 . 2009-08-07 09:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 09:51 . 2009-08-07 09:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 03:08 . 2009-08-07 03:08 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-31 06:53 . 2009-07-31 06:53 -------- d-----w- c:\documents and settings\steven1\Application Data\TortoiseSVN
2009-07-31 06:31 . 2009-07-31 06:31 -------- d-----w- c:\program files\Sun
2009-07-31 06:27 . 2009-07-31 06:27 -------- d-----w- c:\documents and settings\steven1\Application Data\Subversion
2009-07-24 19:23 . 2009-07-24 07:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 07:07 . 2009-07-17 07:07 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-07-12 10:44 . 2009-07-12 10:44 22328 ----a-w- c:\documents and settings\steven1\Application Data\PnkBstrK.sys
2009-07-11 05:05 . 2009-07-11 05:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-09-06 306088]
"interidle"="c:\docume~1\steven1\APPLIC~1\OPENOO~1\Tickeggs.exe" [2009-09-20 663552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-06 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-06 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-06 455168]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-27 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-30 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-16 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-16 86016]
"bend logo clock film"="c:\documents and settings\All Users\Application Data\Frag great bend logo\Copy Safe.exe" [2009-09-21 819200]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

[HKLM\~\startupfolder\C:^Documents and Settings^steven1^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\steven1\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\insurgency\\hl2.exe"=
"d:\\Program files\\Steam\\Steam.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\source sdk base 2007\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\team fortress 2\\hl2.exe"=
"d:\\Program files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [4/8/2008 10:39 PM 1275584]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
S3 cpuz130;cpuz130;\??\c:\docume~1\steven1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steven1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp --> c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\A553F99F90A46ECF.job
- c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe [2009-09-20 03:13]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\steven1\Application Data\Mozilla\Firefox\Profiles\aqzow3ck.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-413027322-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:4f,99,dc,36,83,ec,d4,46,eb,d2,f5,2e,94,de,d8,68,c4,7a,26,82,a7,
57,ba,c3,84,2b,a0,cc,91,71,83,15,f7,3d,25,fa,d0,45,27,2d,dc,0f,6c,fe,ce,24,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-21 16:45
ComboFix-quarantined-files.txt 2009-09-21 06:45

Pre-Run: 68,337,336,320 bytes free
Post-Run: 68,375,846,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

294 --- E O F --- 2008-04-08 13:44

jeffce
2011-11-02, 22:13
Hi Cyxee,



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::
c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe
c:\windows\system32\BsTrace1.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"interidle"=-

Driver::
GarenaPEngine


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
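For anyone reading the log above and wondering how the helper picked out `interidle`, the `GarenaPEngine` driver and the `Book 4 owns.exe` task, the common thread is the path: each autostart points into the user's Application Data or Temp folder, written with 8.3 short names, where legitimate software almost never registers a service or a Run value. The script below is an added example, not part of this thread, of ComboFix or of any tool mentioned here. It parses the three ComboFix line formats (Run-key values, service/driver records, scheduled-task targets) and flags entries that match those traits. The sample lines are constructed to mirror the layout of the report above, and the heuristics (profile data folders, Temp, short names) are my own triage assumptions, a reading aid rather than a verdict.

```python
"""Triage heuristics for ComboFix-style log lines (added example).

Flags autostart entries whose image lives under a user profile data folder
or a Temp folder, or whose path is written with 8.3 short names.  These are
reading aids for a log reviewer, not a removal decision.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines modelled on the ComboFix report layout.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"interidle"="c:\docume~1\steven1\APPLIC~1\OPENOO~1\Tickeggs.exe" [2009-09-20 663552]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp --> c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp [?]
2009-09-20 c:\windows\Tasks\A553F99F90A46ECF.job
- c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe [2009-09-20 03:13]
'''

# Line formats seen in a ComboFix report.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? \[')
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<image>.+?)(?: --> .*)? \[')
TASK_RE = re.compile(r'^- (?P<target>.+?) \[')
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$')
SHORT_NAME_RE = re.compile(r'~\d+\\')          # an 8.3 component such as docume~1\

# Folder fragments (long and 8.3 forms) that a user can write to without admin rights.
PROFILE_DIRS = ("\\application data\\", "\\applic~1\\", "\\appdata\\",
                "\\local settings\\", "\\locals~1\\")


@dataclass
class Finding:
    kind: str          # "run", "service" or "task"
    name: str          # value name, service name or task executable
    path: str          # image path exactly as the log shows it
    location: str      # registry key, start type or .job file
    reasons: list = field(default_factory=list)


def normalize(path):
    """Lower-case the path, drop quotes and the NT object-manager \\??\\ prefix."""
    p = path.strip().strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def suspicious_reasons(path):
    """Return the list of heuristic reasons this image path deserves a look (empty if none)."""
    p = normalize(path)
    reasons = []
    if "\\temp\\" in p:
        reasons.append("image lives in a Temp folder")
    elif any(d in p for d in PROFILE_DIRS):
        reasons.append("image lives in a user profile data folder")
    if SHORT_NAME_RE.search(p):
        reasons.append("path written with 8.3 short names")
    return reasons


def _add(findings, kind, name, path, location):
    reasons = suspicious_reasons(path)
    if reasons:
        findings.append(Finding(kind, name, path, location, reasons))


def triage(log_text):
    """Walk the log once and collect flagged autostart entries in order of appearance."""
    findings, key, job = [], "", ""
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := KEY_RE.match(line):          # remember the registry key for following values
            key = m.group("key")
        elif m := JOB_RE.match(line):        # remember the .job file for the "- target" line
            job = m.group("job")
        elif m := RUN_RE.match(line):
            _add(findings, "run", m.group("name"), m.group("resolved") or m.group("value"), key)
        elif m := SVC_RE.match(line):
            _add(findings, "service", m.group("name"), m.group("image"), "start type " + m.group("start"))
        elif m := TASK_RE.match(line):
            target = m.group("target")
            _add(findings, "task", target.rsplit("\\", 1)[-1], target, job)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r}\n         {f.path}\n         {f.location}; " + "; ".join(f.reasons))
```

Run against the constructed sample it reports exactly the three entries the CFScript above addresses and stays quiet on `MSMSGS`, the Brother/NVIDIA style Program Files entries and the `BtHidBus` driver. Short names alone are a weak signal (ComboFix itself prints some legitimate paths that way), which is why the Temp and profile-folder checks carry the weight and the short-name note is only appended as a second reason.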

Cyxee
2011-11-03, 18:23
Here you go :P,

"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 NLNdisMP;NLNdisMP; [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service; [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-05-31 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Empires Mod 2.24d - c:\program files (x86)\Steam\UninstalEmpires.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670721475-2207048279-2083128198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,31,74,18,35,9a,34,a1,3c,67,73,b0,9b,fd,7d,b7,a3,74,14,4a,6c,
62,0c,c1,04,73,3c,7e,bb,bb,40,00,3e,32,fc,29,8b,25,cb,56,5c,cc,e8,35,9c,19,\
"rkeysecu"=hex:1a,af,80,93,39,55,c8,4d,93,ee,46,31,08,6c,78,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SteamService.exe"
"ComponentVersion"="1.5.31.0"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Steam.exe1"
"ComponentVersion"="1.0.968.628"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-04 03:19:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-03 16:19
ComboFix2.txt 2009-09-21 06:45
.
Pre-Run: 88,821,305,344 bytes free
Post-Run: 88,721,883,136 bytes free
.
- - End Of File - - AF3D966F9301D197D2166E2D78308801

jeffce
2011-11-03, 22:20
Hi,

It looks like only part of the ComboFix log was posted. Can you make sure that you were able to post all of the log that was created? :)

Cyxee
2011-11-04, 08:58
ComboFix 11-11-03.05 - Steven 04/11/2011 16:42:05.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6134.4319 [GMT 11:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
Command switches used :: c:\users\Steven\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe"
"c:\windows\system32\BsTrace1.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 06:13 . 2011-11-04 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 08:23 . 2011-11-01 09:17 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-01 08:23 . 2011-11-01 09:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-01 06:07 . 2011-11-01 06:07 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B6C6E8A-D5D1-4BE9-B4E8-0722790D0CCC}\gapaengine.dll
2011-11-01 06:07 . 2011-10-06 10:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{838BD038-29AE-4ABF-9C98-6440C71D5D18}\mpengine.dll
2011-11-01 06:05 . 2011-11-01 06:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-01 06:05 . 2011-11-01 08:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-01 06:03 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3ADCF90-0D86-4DAA-836D-1E7B0F1CBE60}\mpengine.dll
2011-11-01 04:23 . 2011-11-01 04:23 -------- d-----w- c:\programdata\ATI
2011-11-01 04:16 . 2011-11-01 04:16 -------- d-----w- c:\program files\ATI
2011-10-30 11:35 . 2011-11-01 05:54 -------- d-----w- c:\program files\CCleaner
2011-10-30 11:34 . 2011-10-31 04:41 -------- d-----w- c:\program files\Google
2011-10-23 01:52 . 2011-11-01 05:53 -------- d-----w- c:\program files (x86)\AMD APP
2011-10-15 07:51 . 2011-10-15 07:51 -------- d--h--w- c:\programdata\Common Files
2011-10-15 07:31 . 2011-10-15 16:28 -------- d-----w- c:\programdata\MFAData
2011-10-15 07:31 . 2011-10-16 03:47 -------- d-----w- c:\program files (x86)\AVG
2011-10-14 04:31 . 2011-10-14 04:38 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-13 07:52 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 07:52 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 07:52 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 07:52 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 07:52 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 07:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 07:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 07:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 07:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-06 05:53 . 2011-11-01 05:54 -------- d-----w- c:\program files (x86)\FIFA 12
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 16:26 . 2011-05-16 04:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-02 16:26 . 2010-03-07 00:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-02 16:24 . 2010-10-12 05:28 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-30 05:06 . 2011-06-13 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-25 09:53 . 2011-05-16 04:32 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 00:47 . 2011-09-14 00:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 00:47 . 2011-09-14 00:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 00:47 . 2011-09-14 00:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 00:38 . 2011-09-14 00:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 00:38 . 2011-09-14 00:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-11 04:15 . 2011-09-11 04:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-11 04:15 . 2011-09-11 04:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-11 04:15 . 2011-09-11 04:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-11 04:15 . 2011-09-11 04:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-11 04:15 . 2011-09-11 04:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-11 04:15 . 2011-09-11 04:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-11 04:15 . 2011-09-11 04:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-11 04:15 . 2011-09-11 04:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-11 04:15 . 2011-09-11 04:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-11 04:15 . 2011-09-11 04:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-11 04:15 . 2011-09-11 04:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-11 04:15 . 2011-09-11 04:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-11 04:15 . 2011-09-11 04:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-11 04:15 . 2011-09-11 04:15 448512 ----a-w- c:\windows\system32\html.iec
2011-09-11 04:15 . 2011-09-11 04:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-11 04:15 . 2011-09-11 04:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-11 04:15 . 2011-09-11 04:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-11 04:15 . 2011-09-11 04:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-11 04:15 . 2011-09-11 04:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-11 04:15 . 2011-09-11 04:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-11 04:15 . 2011-09-11 04:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-11 04:15 . 2011-09-11 04:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-11 04:15 . 2011-09-11 04:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-11 04:15 . 2011-09-11 04:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-11 04:15 . 2011-09-11 04:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-11 04:15 . 2011-09-11 04:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-11 04:15 . 2011-09-11 04:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-11 04:15 . 2011-09-11 04:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-11 04:15 . 2011-09-11 04:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-11 04:15 . 2011-09-11 04:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-11 04:15 . 2011-09-11 04:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-11 04:15 . 2011-09-11 04:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-11 04:15 . 2011-09-11 04:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-11 04:15 . 2011-09-11 04:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-11 04:15 . 2011-09-11 04:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-11 04:15 . 2011-09-11 04:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-11 04:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-11 04:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-03-09 04:55 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2011-03-09 04:40 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-07 10:11 . 2011-09-07 10:11 3584 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-08-24 10:19 . 2011-08-24 10:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 10:18 . 2011-08-24 10:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_15.58.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 07:06 . 2011-11-04 05:07 69148 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 05:07 30328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-23 07:02 . 2011-11-04 05:07 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670721475-2207048279-2083128198-1000_UserData.bin
- 2010-01-23 07:02 . 2011-11-03 15:59 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670721475-2207048279-2083128198-1000_UserData.bin
- 2011-11-03 15:48 . 2011-11-03 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 06:15 . 2011-11-04 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-03 15:48 . 2011-11-03 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-04 06:15 . 2011-11-04 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-11-03 15:47 266728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-04 06:14 266728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-12 14:12 . 2011-11-04 06:14 19971023 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670721475-2207048279-2083128198-1000-12288.dat
- 2011-02-12 14:12 . 2011-11-03 15:47 19971023 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670721475-2207048279-2083128198-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-07 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 NLNdisMP;NLNdisMP; [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service; [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-05-31 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670721475-2207048279-2083128198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,31,74,18,35,9a,34,a1,3c,67,73,b0,9b,fd,7d,b7,a3,74,14,4a,6c,
62,0c,c1,04,73,3c,7e,bb,bb,40,00,3e,32,fc,29,8b,25,cb,56,5c,cc,e8,35,9c,19,\
"rkeysecu"=hex:1a,af,80,93,39,55,c8,4d,93,ee,46,31,08,6c,78,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SteamService.exe"
"ComponentVersion"="1.5.31.0"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Steam.exe1"
"ComponentVersion"="1.0.968.628"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-04 17:43:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 06:43
ComboFix2.txt 2011-11-03 16:19
ComboFix3.txt 2009-09-21 06:45
.
Pre-Run: 88,763,260,928 bytes free
Post-Run: 88,642,154,496 bytes free
.
- - End Of File - - A214E0AF69395A7B9B27945D6C4E2ACB

jeffce
2011-11-04, 13:37
Hi Cyxee,

I see that you have Malwarebytes on your system. Please run Malwarebytes, update it and then run a Quick Scan. A log will be produced that I will need to see in your next reply.
---------------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.

Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.



Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the Start button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner. :)

Cyxee
2011-11-04, 18:53
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8082

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

4/11/2011 10:47:43 PM
mbam-log-2011-11-04 (22-47-43).txt

Scan type: Quick scan
Objects scanned: 185536
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Cyxee
2011-11-04, 19:36
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f a variant of Win32/Kryptik.USY trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd Java/Agent.DW trojan
C:\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc multiple threats
C:\Users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan

jeffce
2011-11-04, 19:45
Hi Cyxee,

P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
--------------


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd
C:\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc
C:\Users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll

Driver::
NLNdisMP
NLNdisPT


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Cyxee
2011-11-05, 10:51
ComboFix 11-11-05.01 - Steven 05/11/2011 18:38:37.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6134.3977 [GMT 11:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
Command switches used :: c:\users\Steven\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f"
"c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd"
"c:\users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc"
"c:\users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steven\AppData\Local\Temp\~DBB0.tmp
c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f
c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd
c:\users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc
c:\users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NLNdisMP
-------\Service_NLNdisPT
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 08:14 . 2011-11-05 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 11:50 . 2011-11-04 11:50 -------- d-----w- c:\program files (x86)\ESET
2011-11-04 11:21 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B9B1DF4-06CB-47C7-8639-8285FBD958B1}\mpengine.dll
2011-11-04 07:16 . 2011-11-04 07:16 -------- d-----w- c:\programdata\ATI
2011-11-04 07:16 . 2011-11-04 07:16 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-04 07:16 . 2011-11-04 07:16 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-01 08:23 . 2011-11-01 09:17 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-01 08:23 . 2011-11-01 09:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-01 06:07 . 2011-11-01 06:07 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B6C6E8A-D5D1-4BE9-B4E8-0722790D0CCC}\gapaengine.dll
2011-11-01 06:07 . 2011-10-06 10:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{838BD038-29AE-4ABF-9C98-6440C71D5D18}\mpengine.dll
2011-11-01 06:05 . 2011-11-01 06:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-01 06:05 . 2011-11-01 08:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-01 04:16 . 2011-11-01 04:16 -------- d-----w- c:\program files\ATI
2011-10-30 11:35 . 2011-11-01 05:54 -------- d-----w- c:\program files\CCleaner
2011-10-30 11:34 . 2011-10-31 04:41 -------- d-----w- c:\program files\Google
2011-10-19 11:14 . 2011-10-19 11:14 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-10-15 07:51 . 2011-10-15 07:51 -------- d--h--w- c:\programdata\Common Files
2011-10-15 07:31 . 2011-10-15 16:28 -------- d-----w- c:\programdata\MFAData
2011-10-15 07:31 . 2011-10-16 03:47 -------- d-----w- c:\program files (x86)\AVG
2011-10-14 04:31 . 2011-10-14 04:38 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-13 07:52 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 07:52 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 07:52 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 07:52 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 07:52 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 07:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 07:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 07:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 07:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:10 . 2011-10-12 20:10 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-12 20:08 . 2011-10-12 20:08 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-12 19:44 . 2011-10-12 19:44 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-12 19:38 . 2011-10-12 19:38 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-12 19:31 . 2011-10-12 19:31 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-10-12 19:29 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-12 05:16 . 2011-10-12 05:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-12 05:16 . 2011-10-12 05:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-12 05:14 . 2011-10-12 05:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 09:42 . 2011-05-16 04:32 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-04 09:42 . 2010-03-07 00:53 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-04 09:39 . 2010-10-12 05:28 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-30 05:06 . 2011-06-13 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-25 09:53 . 2011-05-16 04:32 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-12 20:14 . 2011-09-08 17:34 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-12 20:13 . 2011-03-09 04:55 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-12 20:04 . 2011-09-08 17:24 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-12 19:54 . 2011-03-09 04:40 4960768 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-12 19:44 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-12 19:39 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:33 . 2011-09-08 17:08 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-12 19:29 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-12 19:29 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-12 19:29 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-14 00:47 . 2011-09-14 00:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 00:38 . 2011-09-14 00:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 00:38 . 2011-09-14 00:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-11 04:15 . 2011-09-11 04:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-11 04:15 . 2011-09-11 04:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-11 04:15 . 2011-09-11 04:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-11 04:15 . 2011-09-11 04:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-11 04:15 . 2011-09-11 04:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-11 04:15 . 2011-09-11 04:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-11 04:15 . 2011-09-11 04:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-11 04:15 . 2011-09-11 04:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-11 04:15 . 2011-09-11 04:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-11 04:15 . 2011-09-11 04:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-11 04:15 . 2011-09-11 04:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-11 04:15 . 2011-09-11 04:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-11 04:15 . 2011-09-11 04:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-11 04:15 . 2011-09-11 04:15 448512 ----a-w- c:\windows\system32\html.iec
2011-09-11 04:15 . 2011-09-11 04:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-11 04:15 . 2011-09-11 04:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-11 04:15 . 2011-09-11 04:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-11 04:15 . 2011-09-11 04:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-11 04:15 . 2011-09-11 04:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-11 04:15 . 2011-09-11 04:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-11 04:15 . 2011-09-11 04:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-11 04:15 . 2011-09-11 04:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-11 04:15 . 2011-09-11 04:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-11 04:15 . 2011-09-11 04:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-11 04:15 . 2011-09-11 04:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-11 04:15 . 2011-09-11 04:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-11 04:15 . 2011-09-11 04:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-11 04:15 . 2011-09-11 04:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-11 04:15 . 2011-09-11 04:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-11 04:15 . 2011-09-11 04:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-11 04:15 . 2011-09-11 04:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-11 04:15 . 2011-09-11 04:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-11 04:15 . 2011-09-11 04:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-11 04:15 . 2011-09-11 04:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-11 04:15 . 2011-09-11 04:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-11 04:15 . 2011-09-11 04:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-11 04:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-11 04:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-07 10:11 . 2011-09-07 10:11 3584 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-08-24 10:19 . 2011-08-24 10:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 10:18 . 2011-08-24 10:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_15.58.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 07:06 . 2011-11-05 04:05 69404 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-05 08:25 30376 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-23 07:02 . 2011-11-05 04:05 20516 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670721475-2207048279-2083128198-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-11-04 07:15 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-23 01:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-10-12 19:39 . 2011-10-12 19:39 58880 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\coinst.dll
+ 2011-10-12 19:29 . 2011-10-12 19:29 31744 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiuxpag.dll
+ 2011-10-12 19:29 . 2011-10-12 19:29 40960 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiuxp64.dll
+ 2011-10-12 19:29 . 2011-10-12 19:29 29184 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiu9pag.dll
+ 2011-10-12 19:29 . 2011-10-12 19:29 38912 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiu9p64.dll
+ 2009-06-22 15:34 . 2009-06-22 15:34 51200 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\ATIODCLI.exe
+ 2011-10-12 20:07 . 2011-10-12 20:07 21504 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atimuixx.dll
+ 2011-10-12 19:16 . 2011-10-12 19:16 54784 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atimpc64.dll
+ 2011-10-12 19:16 . 2011-10-12 19:16 53760 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atimpc32.dll
+ 2011-10-12 19:31 . 2011-10-12 19:31 14336 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiglpxx.dll
+ 2011-10-12 19:30 . 2011-10-12 19:30 32768 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atigktxx.dll
+ 2011-10-12 19:30 . 2011-10-12 19:30 39936 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atig6txx.dll
+ 2011-10-12 19:31 . 2011-10-12 19:31 17408 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atig6pxx.dll
+ 2011-10-12 20:07 . 2011-10-12 20:07 59392 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiedu64.dll
+ 2011-10-12 19:46 . 2011-10-12 19:46 51200 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticalrt64.dll
+ 2011-10-12 19:46 . 2011-10-12 19:46 46080 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticalrt.dll
+ 2011-10-12 19:46 . 2011-10-12 19:46 44544 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticalcl64.dll
+ 2011-10-12 19:46 . 2011-10-12 19:46 44032 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticalcl.dll
+ 2011-10-12 19:28 . 2011-10-12 19:28 53248 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\ati2erec.dll
+ 2011-10-12 20:07 . 2011-10-12 20:07 43520 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\ati2edxx.dll
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{EFABB945-0D32-C208-897A-F611F63A19D4}\ARPPRODUCTICON.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}\ARPPRODUCTICON.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}\ARPPRODUCTICON.exe
+ 2011-11-04 07:16 . 2011-11-04 07:16 88102 c:\windows\Installer\{6681A016-C62A-DD7B-7F56-25B1A55CE12A}\ARPPRODUCTICON.exe
+ 2011-11-04 07:16 . 2011-11-04 07:16 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
- 2011-10-23 01:52 . 2011-10-23 01:52 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
+ 2011-11-04 07:16 . 2011-11-04 07:16 88102 c:\windows\Installer\{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}\ARPPRODUCTICON.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{34962E5E-FAC1-D8DF-7070-AA2B58971E31}\ARPPRODUCTICON.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 10134 c:\windows\Installer\{19A492A0-888F-44A0-9B21-D91700763F62}\ARPPRODUCTICON.exe
- 2011-10-23 01:51 . 2011-10-23 01:51 10134 c:\windows\Installer\{19A492A0-888F-44A0-9B21-D91700763F62}\ARPPRODUCTICON.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}\ARPPRODUCTICON.exe
+ 2011-11-04 07:15 . 2011-11-04 07:15 88102 c:\windows\Installer\{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}\ARPPRODUCTICON.exe
- 2011-10-25 09:53 . 2011-10-25 09:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-03-17 17:51 . 2011-03-17 17:51 3929 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atipblag.dat
+ 2011-11-05 08:18 . 2011-11-05 08:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-03 15:48 . 2011-11-03 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-03 15:48 . 2011-11-03 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-05 08:18 . 2011-11-05 08:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2011-10-23 01:50 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-04 07:15 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-23 01:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-11-04 07:15 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-10-12 20:07 . 2011-10-12 20:07 278528 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\Oemdspif.dll
+ 2011-10-12 20:08 . 2011-10-12 20:08 120320 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atitmm64.dll
+ 2011-10-12 20:08 . 2011-10-12 20:08 356352 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atipdlxx.dll
+ 2011-10-12 20:08 . 2011-10-12 20:08 423424 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atipdl64.dll
+ 2010-08-27 18:33 . 2010-08-27 18:33 332800 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\ATIODE.exe
+ 2011-10-12 19:30 . 2011-10-12 19:30 317952 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atikmpag.sys
+ 2011-08-17 19:48 . 2011-08-17 19:48 237701 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiicdxx.dat
+ 2011-10-12 20:09 . 2011-10-12 20:09 204288 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiesrxx.exe
+ 2011-10-12 20:10 . 2011-10-12 20:10 487936 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atieclxx.exe
+ 2011-10-12 20:10 . 2011-10-12 20:10 466944 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\ATIDEMGX.dll
+ 2011-10-12 20:13 . 2011-10-12 20:13 867328 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticfx64.dll
+ 2011-10-12 20:14 . 2011-10-12 20:14 736768 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticfx32.dll
+ 2009-05-11 21:35 . 2009-05-11 21:35 118784 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atibtmon.exe
+ 2011-10-12 20:14 . 2011-10-12 20:14 159744 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiapfxx.exe
+ 2011-10-12 19:31 . 2011-10-12 19:31 335872 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiadlxy.dll
+ 2011-10-12 19:31 . 2011-10-12 19:31 479744 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiadlxx.dll
+ 2011-08-17 19:48 . 2011-08-17 19:48 237701 c:\windows\system32\atiicdxx.dat
+ 2009-07-14 05:01 . 2011-11-05 08:17 266728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-03 15:47 266728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-25 19:29 . 2011-10-25 19:29 395776 c:\windows\Installer\32a88.msi
+ 2011-10-25 19:29 . 2011-10-25 19:29 747008 c:\windows\Installer\32a83.msi
+ 2011-03-14 19:37 . 2011-03-14 19:37 528896 c:\windows\Installer\32a79.msi
+ 2011-10-25 19:29 . 2011-10-25 19:29 629248 c:\windows\Installer\32a6d.msi
+ 2011-11-05 07:37 . 2011-11-05 07:37 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-10-12 19:33 . 2011-10-12 19:33 4174848 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumdva.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 1828864 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumdmv.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 4289024 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumdag.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 1113088 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumd6v.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 4023296 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumd6a.dll
+ 2011-10-12 19:38 . 2011-10-12 19:38 5431808 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumd64.dll
+ 2011-10-12 19:54 . 2011-10-12 19:54 4960768 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atidxx64.dll
+ 2011-10-12 20:04 . 2011-10-12 20:04 4231680 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atidxx32.dll
+ 2011-10-12 19:45 . 2011-10-12 19:45 9877504 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticaldd64.dll
+ 2011-10-12 19:42 . 2011-10-12 19:42 8391680 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticaldd.dll
+ 2011-10-25 19:26 . 2011-10-25 19:26 1649152 c:\windows\Installer\32a98.msi
+ 2011-10-25 19:34 . 2011-10-25 19:34 1478656 c:\windows\Installer\32a93.msi
+ 2011-10-25 19:31 . 2011-10-25 19:31 1891328 c:\windows\Installer\32a7e.msi
+ 2011-10-25 19:25 . 2011-10-25 19:25 6775808 c:\windows\Installer\32a74.msi
+ 2011-11-05 07:37 . 2011-11-05 07:37 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-12 20:04 . 2011-10-12 20:04 18630656 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atioglxx.dll
+ 2011-10-12 20:20 . 2011-10-12 20:20 24629760 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atio6axx.dll
+ 2011-10-12 20:56 . 2011-10-12 20:56 10207232 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atikmdag.sys
+ 2011-02-12 14:12 . 2011-11-05 08:17 20097400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670721475-2207048279-2083128198-1000-12288.dat
+ 2011-10-25 19:31 . 2011-10-25 19:31 14551040 c:\windows\Installer\32aa0.msi
+ 2011-10-25 19:29 . 2011-10-25 19:29 11220480 c:\windows\Installer\32a8e.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-07 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-05-31 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF20937.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670721475-2207048279-2083128198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,31,74,18,35,9a,34,a1,3c,67,73,b0,9b,fd,7d,b7,a3,74,14,4a,6c,
62,0c,c1,04,73,3c,7e,bb,bb,40,00,3e,32,fc,29,8b,25,cb,56,5c,cc,e8,35,9c,19,\
"rkeysecu"=hex:1a,af,80,93,39,55,c8,4d,93,ee,46,31,08,6c,78,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SteamService.exe"
"ComponentVersion"="1.5.31.0"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Steam.exe1"
"ComponentVersion"="1.0.968.628"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-05 19:44:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 08:44
ComboFix2.txt 2011-11-04 06:43
ComboFix3.txt 2011-11-03 16:19
ComboFix4.txt 2009-09-21 06:45
.
Pre-Run: 79,372,320,768 bytes free
Post-Run: 75,238,346,752 bytes free
.
- - End Of File - - 7EEF23D65327AF617C4EFE54B954AB65

jeffce
2011-11-05, 16:33
Hi Cyxee,

How is your system running now? :)

Cyxee
2011-11-06, 09:29
Well iexplorer.exe is still running 24/7 and is starting to consume a lot of memory, around 100,000K+ in task manager. I am still being redirected to random sites sometimes also, and I still have my email application downloading the same emails which I have received every time. For example every 15 minutes I believe my email checks the server. I'll use spybot's notification email as an example (I've received approx 6 emails from spybot telling me you've replied), however every time my email application (Mozilla Thunderbird) checks for new emails every 15 minutes it will download all the spybot alerts which I already have? Do the math 5 hours = 300 emails, now that's assuming that I only receive emails from spybot.... which I don't, so yeah I have mega spam. Overall whatever infected me is still present within this machine. Hopefully you can help me Jeff :P

Cyxee
2011-11-06, 09:42
Okay, the email problem I exaggerated, it's not 500 emails every 5 hours, it's around 100, but still the more emails I receive from people, the more I'll have on the server, hence the more I will download, let me show you an example screen shot.

I colour coded this screen shot, the same colour = same email, note this is just a small section of the emails I've received lol.

Screen shot is in the zip file attached

jeffce
2011-11-06, 18:46
Hi Cyxee,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Cyxee
2011-11-06, 19:21
OTL logfile created on: 7/11/2011 4:00:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steven\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 73.03% Memory free
11.98 Gb Paging File | 10.13 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 753.24 Gb Total Space | 218.65 Gb Free Space | 29.03% Space Free | Partition Type: NTFS

Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 1C 18 F6 F8 9B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/16 19:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 19:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/05 18:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/09/15 16:21:12 | 000,000,000 | ---D | M]

[2011/05/20 17:14:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2010/01/23 21:52:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/28 18:37:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/15 03:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 20:17:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 19:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/05 19:24:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145D26AA-2997-42BB-9E56-802EBB4619D7}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18231C3B-8D00-4CBA-93DB-C293EAC62737}: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 03:59:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/05 19:44:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 19:24:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/05 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\PAYDAY
[2011/11/05 18:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/11/05 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/11/05 18:29:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:45:26 | 003,191,696 | ---- | C] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/04 22:50:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/04 18:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/04 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/04 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/04 02:02:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/04 02:02:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/04 02:02:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/02 22:50:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 22:48:52 | 004,283,620 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/02 13:23:13 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/11/02 02:04:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/01 23:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 19:23:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/01 14:54:40 | 100,299,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 22:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/30 22:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/27 18:56:26 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\loloololol
[2011/10/27 00:47:41 | 000,000,000 | -H-D | C] -- C:\Users\Steven\Documents\Battlefield 3
[2011/10/15 18:51:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/15 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/15 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/14 15:39:23 | 000,000,000 | -H-D | C] -- C:\Users\Steven\Documents\Orcs Must Die
[2011/10/14 15:36:20 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/10/14 15:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/10/14 03:39:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/14 03:39:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/14 03:39:04 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/14 03:39:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/14 03:39:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/14 03:39:02 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/14 03:39:02 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/14 03:39:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/14 03:39:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 18:52:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 18:52:04 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 18:52:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 18:52:04 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 18:51:00 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/13 18:51:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 07:56:18 | 010,207,232 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/10/13 07:20:20 | 024,629,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/10/13 07:14:36 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/10/13 07:10:28 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/10/13 07:10:18 | 000,487,936 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/10/13 07:09:44 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/10/13 07:08:34 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/10/13 07:08:16 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/10/13 07:08:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/10/13 07:07:58 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/10/13 07:07:54 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/10/13 07:07:48 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/10/13 07:07:44 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/10/13 07:04:14 | 018,630,656 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/10/13 06:46:20 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/10/13 06:46:18 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/10/13 06:46:10 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/10/13 06:46:08 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/10/13 06:45:58 | 009,877,504 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/10/13 06:44:44 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/10/13 06:44:20 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/10/13 06:44:10 | 004,023,296 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/10/13 06:42:56 | 008,391,680 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/10/13 06:38:20 | 005,431,808 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/10/13 06:31:34 | 000,479,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/10/13 06:31:22 | 000,335,872 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/10/13 06:31:06 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/10/13 06:30:58 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/10/13 06:30:50 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/10/13 06:30:42 | 000,317,952 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/10/13 06:29:34 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/10/13 06:28:30 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011/10/12 16:16:22 | 016,787,456 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/10/12 16:14:54 | 000,051,200 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steven\Desktop\*.tmp files -> C:\Users\Steven\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 04:03:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 04:03:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 03:59:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/07 03:56:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 03:55:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 03:55:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/07 03:55:34 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 02:27:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 18:37:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/06 17:53:48 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/05 23:42:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/05 20:42:55 | 000,000,917 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/11/05 20:42:55 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/11/05 20:31:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/05 20:31:49 | 000,726,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/05 20:31:49 | 000,150,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/05 19:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/05 19:17:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/11/05 18:36:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/05 18:27:59 | 004,283,620 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/05 00:45:39 | 003,191,696 | ---- | M] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 07:02:34 | 036,234,186 | ---- | M] () -- C:\Users\Steven\Desktop\crack.rar
[2011/11/02 13:31:18 | 000,023,347 | ---- | M] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:56 | 001,545,436 | ---- | M] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | M] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 02:05:07 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/02 00:38:31 | 000,000,719 | ---- | M] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | M] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:43:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 20:17:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 17:05:50 | 000,894,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/01 15:52:31 | 000,000,448 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,200 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/01 15:30:25 | 000,000,440 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/01 15:28:20 | 000,000,304 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/01 15:28:20 | 000,000,200 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/01 14:55:51 | 100,299,728 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 16:06:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/30 10:07:14 | 000,000,000 | -H-- | M] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/28 11:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/10/25 21:58:06 | 000,885,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/25 20:54:31 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/25 20:53:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/24 20:26:41 | 032,147,858 | ---- | M] () -- C:\Users\Steven\Desktop\SmartSteam_v1.4.1_Incl_Steam_20110909.rar
[2011/10/21 17:29:13 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/17 22:38:30 | 000,000,129 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences2.dat
[2011/10/17 22:38:30 | 000,000,046 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences.dat
[2011/10/14 15:36:20 | 000,001,256 | ---- | M] () -- C:\Users\Steven\Desktop\Orcs Must Die!.lnk
[2011/10/14 14:35:23 | 000,304,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 07:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/10/13 07:20:20 | 024,629,760 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/10/13 07:15:20 | 000,198,664 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/10/13 07:14:36 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/10/13 07:14:26 | 000,736,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011/10/13 07:13:00 | 000,867,328 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011/10/13 07:10:28 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/10/13 07:10:18 | 000,487,936 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/10/13 07:09:44 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/10/13 07:08:34 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/10/13 07:08:16 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/10/13 07:08:10 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/10/13 07:07:58 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/10/13 07:07:54 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/10/13 07:07:48 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/10/13 07:07:44 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/10/13 07:04:42 | 004,231,680 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011/10/13 07:04:14 | 018,630,656 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/10/13 06:54:44 | 004,960,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011/10/13 06:46:20 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/10/13 06:46:18 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/10/13 06:46:10 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/10/13 06:46:08 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/10/13 06:45:58 | 009,877,504 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/10/13 06:44:44 | 001,113,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/10/13 06:44:28 | 004,289,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011/10/13 06:44:20 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/10/13 06:44:10 | 004,023,296 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/10/13 06:42:56 | 008,391,680 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/10/13 06:39:38 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/10/13 06:39:34 | 001,847,904 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/10/13 06:38:20 | 005,431,808 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/10/13 06:33:10 | 004,174,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011/10/13 06:32:14 | 001,849,344 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/10/13 06:31:34 | 000,479,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/10/13 06:31:22 | 000,335,872 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/10/13 06:31:06 | 000,017,408 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/10/13 06:30:58 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/10/13 06:30:50 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/10/13 06:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/10/13 06:29:50 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011/10/13 06:29:42 | 000,031,744 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011/10/13 06:29:34 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/10/13 06:29:26 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011/10/13 06:28:30 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011/10/12 16:16:36 | 000,066,048 | ---- | M] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011/10/12 16:16:22 | 016,787,456 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/10/12 16:14:54 | 000,051,200 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steven\Desktop\*.tmp files -> C:\Users\Steven\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/05 21:06:37 | 036,234,186 | ---- | C] () -- C:\Users\Steven\Desktop\crack.rar
[2011/11/05 21:06:37 | 032,147,858 | ---- | C] () -- C:\Users\Steven\Desktop\SmartSteam_v1.4.1_Incl_Steam_20110909.rar
[2011/11/05 18:36:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/04 02:02:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/04 02:02:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/04 02:02:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/04 02:02:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/04 02:02:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/02 13:31:18 | 000,023,347 | ---- | C] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:48 | 001,545,436 | ---- | C] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | C] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 00:38:31 | 000,000,719 | ---- | C] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | C] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:44:55 | 000,302,592 | ---- | C] () -- C:\Users\Steven\Desktop\gmer.exe
[2011/11/01 17:06:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/01 15:49:18 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,200 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/01 15:49:15 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/01 15:28:20 | 000,000,200 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/01 15:28:19 | 000,000,304 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/01 15:28:13 | 000,000,440 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 22:35:04 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/30 10:07:14 | 000,000,000 | -H-- | C] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/25 20:54:31 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/14 15:36:20 | 000,001,256 | ---- | C] () -- C:\Users\Steven\Desktop\Orcs Must Die!.lnk
[2011/10/13 07:15:20 | 000,198,664 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/10/13 06:39:34 | 001,847,904 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/10/13 06:32:14 | 001,849,344 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/10/12 16:16:36 | 000,066,048 | ---- | C] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011/08/24 21:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/07/24 23:35:42 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/16 19:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/29 15:04:36 | 000,000,006 | -H-- | C] () -- C:\Users\Steven\AppData\Roaming\start
[2011/05/16 15:32:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/16 15:32:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/05 17:21:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 19:01:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/30 14:59:57 | 000,000,094 | -H-- | C] () -- C:\Users\Steven\AppData\Local\fusioncache.dat
[2010/09/30 11:47:38 | 000,894,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/08 01:49:25 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/07/27 19:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 19:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 19:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/05/19 23:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/04/26 14:21:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/26 00:09:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/02/25 18:04:09 | 000,007,602 | -H-- | C] () -- C:\Users\Steven\AppData\Local\resmon.resmoncfg
[2010/02/10 16:00:42 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/01 22:29:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/01 22:29:49 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/01/23 18:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/23 18:03:27 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/01/23 18:03:27 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/23 17:59:20 | 000,030,911 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/01/23 17:58:36 | 000,021,355 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/12/28 18:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/01/31 17:34:45 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\acccore
[2010/08/06 21:27:23 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\AnvSoft
[2010/08/08 15:22:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\App Launcher Gadget
[2010/09/08 23:29:57 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Auslogics
[2010/12/29 03:04:41 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Cool Record Edit Pro
[2011/11/05 18:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite
[2011/07/03 02:05:40 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Day 1 Studios
[2011/11/01 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Dev-Cpp
[2010/12/28 23:26:02 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Free Sound Recorder
[2011/11/01 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\FrostWire
[2011/11/01 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\GameHouse
[2011/02/09 16:19:16 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Huut
[2010/08/24 18:53:39 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\IObit
[2010/01/29 20:40:31 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Leadertech
[2011/06/05 20:16:42 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\LolClient
[2010/06/06 17:29:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Mount&Blade Warband
[2011/05/08 01:18:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/11/01 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Opera
[2011/05/20 17:37:58 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Oqteof
[2011/10/21 17:29:31 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Origin
[2011/05/29 19:02:40 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Poegg
[2010/07/05 15:34:44 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\runic games
[2010/04/17 21:27:24 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Subversion
[2011/11/01 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\SystemRequirementsLab
[2011/11/05 00:46:05 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TeamViewer
[2011/11/01 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Thunderbird
[2011/11/01 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TS3Client
[2011/11/07 02:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Tunngle
[2011/11/01 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Ubisoft
[2011/09/28 20:18:50 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Utherverse
[2011/11/07 03:12:59 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\uTorrent
[2011/02/09 15:46:01 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Yrkyk
[2011/10/28 19:46:29 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A8E2C33

< End of report >

Cyxee
2011-11-06, 19:22
OTL Extras logfile created on: 7/11/2011 4:00:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steven\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 73.03% Memory free
11.98 Gb Paging File | 10.13 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 753.24 Gb Total Space | 218.65 Gb Free Space | 29.03% Space Free | Partition Type: NTFS

Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{36A415C2-7181-421D-92C9-8255766E0FF3}" = TortoiseSVN 1.6.10.19898 (64 bit)
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.WORD" = Microsoft Word 2010
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1" = The Witcher 2 Assassins of Kings version 1.0
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7D6283AC-26E6-5F9C-AB8F-08D8A3EFB819}" = Application Profiles
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"APB Reloaded" = APB Reloaded
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Eurobattle.net1.24b" = Eurobattle.net
"Fallout New Vegas_is1" = Fallout New Vegas
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"FrostWire" = FrostWire 4.21.7
"GamersFirst LIVE!" = GamersFirst LIVE!
"hon" = Heroes of Newerth
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mount&Blade Warband" = Mount&Blade Warband
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"OpenAL" = OpenAL
"Opera 11.52.1100" = Opera 11.52
"Origin" = Origin
"Payday The Heist (c) OVERKILL Software_is1" = Payday The Heist (c) OVERKILL Software version 1
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"StarCraft II" = StarCraft II
"Steam App 12840" = DiRT 2
"Steam App 17410" = Mirror's Edge
"Steam App 17740" = Empires
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6980" = Thief: Deadly Shadows
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2011 1:41:58 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34754777

Error - 4/11/2011 1:41:58 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34754777

Error - 4/11/2011 1:41:59 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2011 1:41:59 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34755791

Error - 4/11/2011 1:41:59 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34755791

Error - 4/11/2011 1:42:04 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2011 1:42:04 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34760783

Error - 4/11/2011 1:42:04 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34760783

Error - 5/11/2011 5:42:51 AM | Computer Name = Steven-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 6/11/2011 8:08:06 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: steam.exe, version: 1.0.1065.11, time stamp:
0x4d9b89de Faulting module name: steamclient.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4e692a41 Exception code: 0xc0000005 Fault offset: 0x383170c8 Faulting process
id: 0x14e8 Faulting application start time: 0x01cc9c7981cff722 Faulting application
path: C:\Program Files (x86)\Steam\steam.exe Faulting module path: steamclient.dll
Report
Id: fb7dc906-086f-11e1-851d-e0cb4e321de0

[ System Events ]
Error - 5/11/2011 4:18:48 AM | Computer Name = Steven-PC | Source = Microsoft Antimalware | ID = 5101
Description =

Error - 5/11/2011 4:18:58 AM | Computer Name = Steven-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 5/11/2011 4:19:04 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/11/2011 4:38:59 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/11/2011 5:27:40 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 2:43:27 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 2:44:24 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 3:04:19 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 12:55:34 PM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 12:56:32 PM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >

jeffce
2011-11-07, 00:41
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Right-click CKScanner.exe, choose Run as Administrator, then click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.

Cyxee
2011-11-07, 12:52
CKScanner - Additional Security Risks - These are not necessarily bad
c:\lol\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\lol\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\lol\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\lol\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\lol\steamapps\nigga21\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\lol\steamapps\nigga21\counter-strike source\cstrike\materials\concrete\prodwllecracked.vmt
c:\lol\steamapps\nigga21\garrysmod\garrysmod\addons\phx3\sound\phx\.svn\prop-base\eggcrack.wav.svn-base
c:\lol\steamapps\nigga21\garrysmod\garrysmod\addons\phx3\sound\phx\.svn\text-base\eggcrack.wav.svn-base
c:\lol\steamapps\sourcemods\empires\materials\common\models\props_system\resourcepoint_crackalpha.vtf
c:\lol\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vmt
c:\lol\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vtf
c:\lol\steamapps\sourcemods\empires\materials\common\overlays\cracked01_normal.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth1.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth2.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3_normal.vtf
c:\lol\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt
c:\lol\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf
c:\lol\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf
c:\program files\mount&blade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\gamersfirst\apb reloaded\apbgame\content\release\packages\symboleditor\primitives_splatscracks.upk
c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\materials\concrete\prodwllecracked.vmt
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\models\props_system\resourcepoint_crackalpha.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vmt
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01_normal.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth1.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth2.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3_normal.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf
c:\program files (x86)\stunlock studios\bloodline champions\content\particles\1x1\point_cracks.dds.xnb
c:\users\steven\desktop\crack.rar
c:\users\steven\downloads\auslogics boostspeed 5.0.2.200\crack instructions.txt
scanner sequence 3.ZZ.11.SUNALI
----- EOF -----

jeffce
2011-11-07, 21:59
Hi Cyxee,

CKScanner has detected illegal software on your system. Besides being illegal, it's the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, do not support the use of illegal software except for their removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime.

I have worked up a fix for their removal. If you do not agree to this then this thread will be closed and no further help will be offered. Please let me know if you wish to continue.

Cyxee
2011-11-08, 04:57
I wish to continue.

jeffce
2011-11-08, 05:54
Hi Cyxee,

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.
-----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 1C 18 F6 F8 9B CA 01
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steven\Desktop\*.tmp files -> C:\Users\Steven\Desktop\*.tmp -> ]
[2011/11/01 15:52:31 | 000,000,448 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,200 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/01 15:30:25 | 000,000,440 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/01 15:28:20 | 000,000,304 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/01 15:28:20 | 000,000,200 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2010/02/25 18:04:09 | 000,007,602 | -H-- | C] () -- C:\Users\Steven\AppData\Local\resmon.resmoncfg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
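The OTL script above touches four kinds of location: the Internet Explorer Start Page values in both hives (resetting a bigseekpro.com hijack), PROTOCOLS\Handler entries that no longer carry a CLSID, the HOSTS file, and short random-named files in C:\ProgramData such as 1kAlMiG2Kb7FzP, which are leftovers of the fake "System Restore" rogue. The PowerShell below is an added, read-only audit of those same spots; it is not part of jeffce's fix and not something OTL runs. The file-name pattern and size cap in the ProgramData check are assumptions fitted to the entries in the log, and the script is written to run on the PowerShell 2.0 that ships with Windows 7, from an elevated 64-bit shell.

```powershell
# Added example, not part of jeffce's fix: a read-only audit of the places the
# OTL script above changes. Run from an elevated 64-bit PowerShell (works on the
# PowerShell 2.0 that ships with Windows 7).

# --- 1. IE start page in both hives (the fix resets a bigseekpro.com hijack in HKLM) ---
$startPageKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
)
foreach ($key in $startPageKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    "{0,-55} Start Page = {1}" -f $key, $props.'Start Page'
}

# --- 2. Protocol handlers (OTL's O18 lines). An entry with no CLSID is a dead
#        leftover, which is all the fix removes; an entry whose CLSID resolves to
#        a DLL outside Program Files or Windows is the kind worth looking at.
#        Both registry views are walked, matching OTL's "64bit:" and plain lines.
$handlerBases = @(
    'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler',
    'HKLM:\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler'
)
foreach ($base in $handlerBases) {
    if (-not (Test-Path -Path $base)) { continue }
    $clsidBase = $base -replace 'PROTOCOLS\\Handler$', 'CLSID'
    foreach ($sub in Get-ChildItem -Path $base) {
        $clsid = (Get-ItemProperty -Path $sub.PSPath).CLSID
        $dll = $null
        if ($clsid) {
            $srv = Join-Path $clsidBase "$clsid\InprocServer32"
            $dll = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
        }
        $flag = if (-not $clsid) { '<- no CLSID' } elseif (-not $dll) { '<- CLSID has no InprocServer32' } else { '' }
        "{0,-22} {1,-40} {2} {3}" -f $sub.PSChildName, $clsid, $dll, $flag
    }
}

# --- 3. HOSTS file. Spybot's immunization adds many "127.0.0.1 baddomain" lines,
#        which are noise; a hijack is a real domain (bank, update server) pointed
#        at an address other than loopback or 0.0.0.0.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$suspect = Get-Content -Path $hostsPath | Where-Object {
    $_ -match '^\s*[^#\s]' -and
    $_ -notmatch '^\s*(127\.0\.0\.1|0\.0\.0\.0|::1)\s'
}
"HOSTS lines pointing somewhere other than loopback/null: {0}" -f @($suspect).Count
$suspect

# --- 4. Short random-named files directly in ProgramData, like 1kAlMiG2Kb7FzP.
#        The name pattern and size cap are assumptions fitted to the log entries.
Get-ChildItem -Path $env:ProgramData -Force |
    Where-Object { -not $_.PSIsContainer -and
                   $_.Name -match '^~?[A-Za-z0-9]{12,16}r?$' -and
                   $_.Length -lt 4096 } |
    Select-Object Name, Length, LastWriteTime, Attributes |
    Format-Table -AutoSize
```

The point of running this before and after a fix like the one above is that it changes nothing, so it can be re-run after every reboot: a Start Page or HOSTS entry that comes back, or a fresh random-named file in ProgramData, means something still running is re-creating them and the cleanup has not reached the cause.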

Cyxee
2011-11-08, 17:35
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
C:\Windows\SysNative\SET847F.tmp deleted successfully.
C:\Windows\SysNative\SET857A.tmp deleted successfully.
C:\Windows\SysNative\SET95A6.tmp deleted successfully.
C:\Windows\SysNative\SET95D7.tmp deleted successfully.
C:\Windows\SysNative\SET9780.tmp deleted successfully.
C:\Windows\SysNative\SETA3DB.tmp deleted successfully.
C:\Windows\SysNative\SETA47B.tmp deleted successfully.
C:\Windows\SysWow64\SET98BA.tmp deleted successfully.
C:\Windows\SysWow64\SET9987.tmp deleted successfully.
C:\Windows\SysWow64\SETA1EF.tmp deleted successfully.
C:\Windows\SysWow64\SETA43B.tmp deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Steven\Desktop\~WRL0005.tmp deleted successfully.
C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzPr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\Users\Steven\AppData\Local\resmon.resmoncfg moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steven\Desktop\cmd.bat deleted successfully.
C:\Users\Steven\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steven
->Temp folder emptied: 61551063 bytes
->Temporary Internet Files folder emptied: 41549153 bytes
->Java cache emptied: 1915495 bytes
->FireFox cache emptied: 1139313 bytes
->Opera cache emptied: 335515428 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 725506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 389077173 bytes

Total Files Cleaned = 793.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11092011_022419

Files\Folders moved on Reboot...
C:\Users\Steven\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\afr[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\afr[2].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\login_status[1].htm moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\sandbox[1].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWJ8K8MX\gossipcenter[1].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWJ8K8MX\redirect_v93_cim_11_15_6[1].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\01[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\afr[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\afr[2].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\gossipcenter[1].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\statstracker[1].htm moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\tweet_button[1].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\01[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\01[2].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\afr[1].htm moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\afr[2].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\like[1].htm not found!

Registry entries deleted on Reboot...

jeffce
2011-11-08, 17:46
Hi Cyxee,

I see that you have Malwarebytes on your system. Please run Malwarebytes, update it and then run a Quick Scan. Save the log that is produced for your next reply.
---------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.

Check the "YES, I accept the Terms of Use" box.
Click the Start button.
Accept any security warnings from your browser.
Check the "Scan archives" box.
Make sure that the option "Remove found threats" is Unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats.
Push Export to text file, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish.

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner.

Cyxee
2011-11-10, 06:25
ESET SCAN

C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f.vir a variant of Win32/Kryptik.USY trojan
C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd.vir Java/Agent.DW trojan
C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir multiple threats
C:\Qoobox\Quarantine\C\Users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll.vir a variant of Win32/Packed.VMProtect.AAA trojan

Cyxee
2011-11-10, 06:30
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8129

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/11/2011 3:27:36 PM
mbam-log-2011-11-10 (15-27-36).txt

Scan type: Quick scan
Objects scanned: 190278
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jeffce
2011-11-10, 14:52
Hi Cyxee,

P2P - I see you have P2P software µTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
---------------

What remaining issues are you still having? :)

Cyxee
2011-11-11, 13:33
All the issues are still present. Can't I just simply delete or uninstall Internet Explorer? I mean, I just noticed there were 2 iexplorer.exe's running, with the total consumption of RAM between the two being 700,000K; they were each 400,000 to 300,000K. So yeah, can we just remove Internet Explorer?

jeffce
2011-11-11, 15:10
Hi Cyxee,

Please visit the website here (http://support.microsoft.com/kb/318378) and go to the Microsoft Fix It button and press Run Now.

Once that completes reboot your system and let me know if the problem still persists.

Cyxee
2011-11-12, 15:32
All problems still present.

Problem recap:

Constant iexplorer.exe running; despite me terminating it, seconds later it returns.

Redirecting occasionally to random websites.

Email re-downloading old mail every time it checks for new mail. It's to the point of 100 old emails being received as 'new' each check, and these checks are approximately hourly, I believe.
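A process that comes back seconds after being killed is being relaunched by something else that is still running, so the useful question is not whether to uninstall Internet Explorer but who its parent is and where its image lives. Windows ships the browser as iexplore.exe under Program Files\Internet Explorer; a process literally named iexplorer.exe is not Internet Explorer at all. The PowerShell below is an added example, not something the thread or its tools produce: it lists every IE-named process with its path, start time, parent and command line, the DLLs those processes loaded from user-writable folders, the Run/Winlogon autoruns, and the DNS servers the adapters are using, since redirects that survive file cleanup often come from a changed resolver on the machine or on the router. The expected Winlogon values in the comments are the Windows 7 defaults; everything else is read from the live system. It runs on PowerShell 2.0 from an elevated shell.

```powershell
# Added example, not from the thread: find what keeps relaunching the IE process
# and where name lookups are going. Run from an elevated PowerShell (2.0 or later).
# Windows ships iexplore.exe under Program Files\Internet Explorer; a process
# literally named iexplorer.exe is not Internet Explorer, so both names are matched.

$ieDirs = @("$env:ProgramFiles\Internet Explorer", "${env:ProgramFiles(x86)}\Internet Explorer")

# --- 1. Each running IE-named process: image path, start time, parent, command line ---
$targets = Get-WmiObject -Class Win32_Process | Where-Object { $_.Name -match '^iexplorer?\.exe$' }
foreach ($p in $targets) {
    $parent = Get-WmiObject -Class Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
    $inIeDir = $false
    foreach ($d in $ieDirs) {
        if ($p.ExecutablePath -and $p.ExecutablePath.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inIeDir = $true }
    }
    $started = if ($p.CreationDate) { [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationDate) } else { $null }
    "PID {0,-6} {1,-14} path={2}" -f $p.ProcessId, $p.Name, $p.ExecutablePath
    "    started {0}   image in IE dir: {1}" -f $started, $inIeDir
    if ($parent) {
        "    parent PID {0}: {1}  path={2}" -f $parent.ProcessId, $parent.Name, $parent.ExecutablePath
    } else {
        "    parent PID {0}: already exited (a launcher that runs and quits is itself a lead)" -f $p.ParentProcessId
    }
    "    cmdline: {0}" -f $p.CommandLine
}

# --- 2. DLLs those processes loaded from user-writable locations. Not automatically
#        bad (some plugins live in AppData), but each one should be explainable.
#        A 64-bit shell may be unable to list modules of a 32-bit process; that
#        case is reported rather than silently skipped.
foreach ($gp in (Get-Process | Where-Object { $_.Name -match '^iexplorer?$' })) {
    try {
        $gp.Modules |
            Where-Object { $_.FileName -match '\\(Temp|AppData|ProgramData)\\' } |
            ForEach-Object { "PID {0}: module {1}" -f $gp.Id, $_.FileName }
    } catch {
        "PID {0}: module list unavailable ({1})" -f $gp.Id, $_.Exception.Message
    }
}

# --- 3. Run keys (both hives, both views) and Winlogon values that relaunch things at logon ---
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        "{0}\{1} = {2}" -f $k, $prop.Name, $prop.Value
    }
}
$wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
"Winlogon Shell    = {0}   (Windows 7 default: explorer.exe)" -f $wl.Shell
"Winlogon Userinit = {0}   (Windows 7 default: C:\Windows\system32\userinit.exe,)" -f $wl.Userinit

# --- 4. Resolvers in use. A DNS server you did not configure, on the adapter or on
#        the router it points at, explains redirects that outlive file cleanup.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    ForEach-Object { "{0}: DNS = {1}" -f $_.Description, ($_.DNSServerSearchOrder -join ', ') }
```

Read the output in that order: a legitimate iexplore.exe whose parent is explorer.exe and whose modules all sit under Program Files or Windows is the browser being started by a user; the same binary with a parent in Temp or AppData, a parent that has already exited, or a module loaded from Temp is the browser being driven by something else, and that something is what the next scan log needs to identify. Removing Internet Explorer does not remove the launcher.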

jeffce
2011-11-12, 19:14
Hi Cyxee,

Are you using a wireless router by chance? If so are there other computers using it that are having the same problem?

Cyxee
2011-11-12, 19:17
I have wireless enabled, however my computers are hooked up with a wired connection. My other computer does not have this problem.

jeffce
2011-11-12, 23:01
Hi Cyxee,

Lets run a fresh scan with OTL and then post the log that is created into your next reply so that we can get a new look at what is going on. :bigthumb:

Cyxee
2011-11-14, 09:05
OTL logfile created on: 13/11/2011 7:05:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steven\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.21 Gb Available Physical Memory | 70.33% Memory free
11.98 Gb Paging File | 9.67 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 753.24 Gb Total Space | 144.74 Gb Free Space | 19.22% Space Free | Partition Type: NTFS

Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Steven\AppData\Local\Temp\~9F40.tmp ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7a684c3b60526afb62a0969ada9c94cd\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\cb875f219b526fe6c21c259e6e4c267e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e2c37ffbcb41a3f72dec8c93329a07ad\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d5d26ed41c8fa0c7feb00ef5343299a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d08e6e917f08ef674373576016969a20\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a4a330e92cbd3457b3f00ae367a4bc5f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2807b771372137d41fb8d392a878d0c7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\096f1b3839e7d6dfe2598941329c08dc\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\VMSysPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\UMVPLMutePS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\MRSystemPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\MMSysPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\FxPreviewPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/16 19:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 19:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/07 21:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/09/15 16:21:12 | 000,000,000 | ---D | M]

[2011/05/20 17:14:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2010/01/23 21:52:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/28 18:37:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/15 03:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 20:17:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 19:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/09 02:24:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145D26AA-2997-42BB-9E56-802EBB4619D7}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18231C3B-8D00-4CBA-93DB-C293EAC62737}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{568297AF-4271-40E9-815D-51DB323115C4}: DhcpNameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 21:22:20 | 000,000,000 | ---D | C] -- C:\Download
[2011/11/11 21:22:13 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Samsung
[2011/11/11 21:21:03 | 000,000,000 | ---D | C] -- C:\AllSharePhotoSlide
[2011/11/11 21:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/11/11 21:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011/11/11 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\Skyrim
[2011/11/11 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/09 16:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
[2011/11/09 16:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/11/09 02:24:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/09 02:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/09 02:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/11/08 22:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/11/08 22:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2011/11/07 03:59:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/05 19:44:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 19:24:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/05 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\PAYDAY
[2011/11/05 18:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/11/05 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/11/05 18:29:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:45:26 | 003,191,696 | ---- | C] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/04 22:50:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/04 18:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/04 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/04 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/04 02:02:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/04 02:02:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/04 02:02:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/02 22:50:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 22:48:52 | 004,283,620 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/02 13:23:13 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/11/02 02:04:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/01 23:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 19:23:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/01 14:54:40 | 100,299,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 22:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/30 22:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/27 18:56:26 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\loloololol
[2011/10/27 00:47:41 | 000,000,000 | -H-D | C] -- C:\Users\Steven\Documents\Battlefield 3
[2011/10/15 18:51:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/15 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/15 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

========== Files - Modified Within 30 Days ==========

[2011/11/13 18:27:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 16:14:17 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/11/13 16:11:25 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 16:11:25 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 16:04:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 16:03:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 16:03:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/13 16:03:49 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 05:41:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/11/11 22:01:48 | 000,002,114 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/11 21:22:12 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2011/11/11 21:20:22 | 000,002,013 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2011/11/10 02:50:15 | 000,000,221 | ---- | M] () -- C:\Users\Steven\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2011/11/10 00:24:00 | 000,304,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 16:38:41 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk
[2011/11/09 02:24:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/09 02:21:25 | 000,001,068 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/09 02:21:10 | 000,000,869 | ---- | M] () -- C:\Users\Steven\Desktop\ERUNT.lnk
[2011/11/07 21:36:49 | 000,459,264 | ---- | M] () -- C:\Users\Steven\Desktop\CKScanner.exe
[2011/11/07 03:59:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/06 18:37:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/05 23:42:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/05 20:42:55 | 000,000,917 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/11/05 20:42:55 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/11/05 20:31:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/05 20:31:49 | 000,726,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/05 20:31:49 | 000,150,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/05 18:36:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/05 18:27:59 | 004,283,620 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/05 00:45:39 | 003,191,696 | ---- | M] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 07:02:34 | 036,234,186 | ---- | M] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:56 | 001,545,436 | ---- | M] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | M] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 02:05:07 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/02 00:38:31 | 000,000,719 | ---- | M] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | M] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:43:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 20:17:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 17:05:50 | 000,894,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/01 14:55:51 | 100,299,728 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 16:06:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/30 10:07:14 | 000,000,000 | -H-- | M] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/28 11:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/10/25 21:58:06 | 000,885,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/25 20:54:31 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/25 20:53:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/24 20:26:41 | 032,147,858 | ---- | M] () -- C:\Users\Steven\Desktop\SmartSteam_v1.4.1_Incl_Steam_20110909.rar
[2011/10/21 17:29:13 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/17 22:38:30 | 000,000,129 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences2.dat
[2011/10/17 22:38:30 | 000,000,046 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences.dat

========== Files Created - No Company Name ==========

[2011/11/11 21:22:12 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2011/11/11 21:20:22 | 000,002,013 | ---- | C] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2011/11/10 02:50:15 | 000,000,221 | ---- | C] () -- C:\Users\Steven\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2011/11/09 16:38:41 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk
[2011/11/09 02:21:25 | 000,001,068 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/09 02:21:10 | 000,000,869 | ---- | C] () -- C:\Users\Steven\Desktop\ERUNT.lnk
[2011/11/07 21:37:21 | 000,002,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/07 21:36:44 | 000,459,264 | ---- | C] () -- C:\Users\Steven\Desktop\CKScanner.exe
[2011/11/05 18:36:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/04 02:02:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/04 02:02:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/04 02:02:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/04 02:02:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/04 02:02:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/02 13:31:18 | 000,023,347 | ---- | C] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:48 | 001,545,436 | ---- | C] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | C] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 00:38:31 | 000,000,719 | ---- | C] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | C] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:44:55 | 000,302,592 | ---- | C] () -- C:\Users\Steven\Desktop\gmer.exe
[2011/11/01 17:06:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/30 22:35:04 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/30 10:07:14 | 000,000,000 | -H-- | C] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/25 20:54:31 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/24 21:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/07/24 23:35:42 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/16 19:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/29 15:04:36 | 000,000,006 | -H-- | C] () -- C:\Users\Steven\AppData\Roaming\start
[2011/05/16 15:32:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/16 15:32:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/05 17:21:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 19:01:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/30 14:59:57 | 000,000,094 | -H-- | C] () -- C:\Users\Steven\AppData\Local\fusioncache.dat
[2010/09/30 11:47:38 | 000,894,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/08 01:49:25 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/07/27 19:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 19:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 19:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/05/19 23:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/04/26 14:21:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/26 00:09:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/02/10 16:00:42 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/01 22:29:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/01 22:29:49 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/01/23 18:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/23 18:03:27 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/01/23 18:03:27 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/23 17:59:20 | 000,030,911 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/01/23 17:58:36 | 000,021,355 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/12/28 18:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A8E2C33

< End of report >

jeffce
2011-11-14, 18:09
Hi Cyxee,

Let's go ahead and uninstall Internet Explorer and then get a fresh version of Internet Explorer on your system. You should be able to uninstall Internet Explorer from Control Panel >> Programs and Features. Reboot your system after you have done that and then use Firefox to download and install a fresh copy of Internet Explorer 9.

Once you get that completed let me know if the problem persists.

Cyxee
2011-11-15, 12:36
Okay, I've uninstalled Internet Explorer completely, and now iexplorer.exe does not appear, yay, finally a victory! Anyway, I'm still experiencing my web browsers redirecting me to random sites sometimes, and also my email is still messed up (however I'm not sure if malware is responsible for this).

jeffce
2011-11-15, 14:30
Hi Cyxee,

Go to another computer that you know is clean and then change the passwords on your email accounts. That may help.
-----------

Scan With RootKitUnHooker

Please Download Rootkit Unhooker (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE) and save it to your desktop.
Now Right-click and Run as Administrator on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.


Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Cyxee
2011-11-17, 01:06
RootKitUnHooker will not actually run; I get a message displaying "Sorry, but unhandled exception has occurred. Program will be terminated".

Then a follow up log;
Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

jeffce
2011-11-17, 14:59
Hi Cyxee,

Sorry about my delay...I had to work a double shift at work yesterday.
--------------

Kaspersky Virus Removal Tool

Please click HERE (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download Kaspersky Virus Removal Tool.
Double click on the file you just downloaded and let it install.
It will install to your desktop.
After that leave what is selected and put a check next to My Computer.
Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
Then click on Start Scan.
Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
When the scan is done no log will be produced.
Click on the bottom where it says Report to open the report.
Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
You can save this on the desktop.
Post the contents of the document in your next reply.

Cyxee
2011-11-19, 00:34
Haha, it's cool, this post took ages also; I was pretty busy myself. Anyway, I'm unsure where this report file is located, however for now I will just leave you with the detections report.

Status: Disinfected (events: 10)
19/11/2011 2:34:03 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ei C:\Documents and Settings\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\96325b7-2b867b00 High
19/11/2011 2:34:03 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ei C:\Documents and Settings\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\96325b7-2b867b00/json/Parser.class High
19/11/2011 5:16:28 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.eg C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd.vir High
19/11/2011 5:16:28 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.eg C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd.vir/json/Parser.class High
19/11/2011 5:22:24 AM Disinfected Trojan program Trojan.Win32.Menti.grnu C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir High
19/11/2011 5:22:24 AM Disinfected Trojan program Exploit.Java.CVE-2010-4452.a C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003476.file High
19/11/2011 5:22:24 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.y C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003524.file High
19/11/2011 5:21:21 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.y C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003524.file/tools/Commander.class High
19/11/2011 5:21:21 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.z C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003524.file/tools/XmlStandard.class High
19/11/2011 5:22:24 AM Disinfected Trojan program Trojan.Win32.Menti.grnu C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003586.file High
Status: Deleted (events: 1)
19/11/2011 5:18:34 AM Deleted Trojan program Trojan.Win32.Jorik.Fraud.gvl C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f.vir High

jeffce
2011-11-19, 05:26
Hi Cyxee,

RESET ROUTER


This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
If you don't know the router's default password, you can look it up HERE (https://www.opendns.com/smb/start/router/).
You also need to reconfigure any security settings you had in place prior to the reset.
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

---------------

Once you get your router reset, let me know what remaining problems you are having. :)

Cyxee
2011-11-21, 03:33
I've reset my router, however I'm still experiencing my browser redirecting me to totally random sites sometimes.

jeffce
2011-11-21, 03:42
Hi Cyxee,

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Cyxee
2011-11-22, 08:51
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 162):
0x03006000 \SystemRoot\system32\ntoskrnl.exe
0x035EF000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00CD3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D22000 \SystemRoot\system32\PSHED.dll
0x00D36000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00ED9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F7D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0109C000 \SystemRoot\System32\Drivers\spbc.sys
0x011C2000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011CB000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\drivers\ACPI.sys
0x01057000 \SystemRoot\system32\drivers\msisadrv.sys
0x01061000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F8C000 \SystemRoot\system32\drivers\pci.sys
0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
0x01083000 \SystemRoot\system32\drivers\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\system32\drivers\atapi.sys
0x00E96000 \SystemRoot\system32\drivers\ataport.SYS
0x00FBF000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00FDC000 \SystemRoot\system32\drivers\amdxata.sys
0x00D94000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FE7000 \SystemRoot\system32\drivers\fileinfo.sys
0x01257000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014F0000 \SystemRoot\System32\Drivers\msrpc.sys
0x0154E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01569000 \SystemRoot\System32\Drivers\cng.sys
0x015DB000 \SystemRoot\System32\drivers\pcw.sys
0x015EC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01665000 \SystemRoot\system32\drivers\ndis.sys
0x01758000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01870000 \SystemRoot\System32\drivers\tcpip.sys
0x01A74000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01ABE000 \SystemRoot\system32\drivers\volsnap.sys
0x01B0A000 \SystemRoot\System32\Drivers\spldr.sys
0x01B12000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B4C000 \SystemRoot\System32\Drivers\mup.sys
0x01B5E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B67000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BA1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BB7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01828000 \SystemRoot\system32\drivers\cdrom.sys
0x01852000 \SystemRoot\System32\Drivers\Null.SYS
0x0185B000 \SystemRoot\System32\Drivers\Beep.SYS
0x01862000 \SystemRoot\System32\drivers\vga.sys
0x01600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01625000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01635000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0163E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01647000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01652000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01400000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017E3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01422000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01467000 \SystemRoot\system32\drivers\afd.sys
0x017F0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01200000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01226000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01235000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00EC0000 \SystemRoot\system32\drivers\termdd.sys
0x0427E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x042CF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x042DB000 \SystemRoot\system32\drivers\mssmbios.sys
0x042E6000 \SystemRoot\System32\drivers\discache.sys
0x042F5000 \SystemRoot\System32\Drivers\dfsc.sys
0x04313000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04324000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x0432B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04351000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04367000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A63000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05471000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05565000 \SystemRoot\System32\drivers\dxgmms1.sys
0x055AB000 \SystemRoot\system32\drivers\HDAudBus.sys
0x055CF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x055DC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04200000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x043BA000 \SystemRoot\system32\drivers\1394ohci.sys
0x055ED000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04A56000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04257000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04647000 \SystemRoot\System32\Drivers\aq8219n0.SYS
0x0468C000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04695000 \SystemRoot\system32\drivers\CompositeBus.sys
0x046A5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x046BB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x046DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x046EB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0471A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04735000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04756000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04770000 \SystemRoot\system32\DRIVERS\tap0901t.sys
0x0477D000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x0478A000 \SystemRoot\system32\drivers\kbdclass.sys
0x04799000 \SystemRoot\system32\drivers\mouclass.sys
0x047A8000 \SystemRoot\system32\drivers\swenum.sys
0x047AA000 \SystemRoot\system32\drivers\ks.sys
0x047ED000 \SystemRoot\system32\drivers\umbus.sys
0x05CCF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05D29000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x05D34000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05D49000 \SystemRoot\system32\drivers\AtihdW76.sys
0x05D87000 \SystemRoot\system32\drivers\portcls.sys
0x05DC4000 \SystemRoot\system32\drivers\drmk.sys
0x05DE6000 \SystemRoot\system32\drivers\ksthunk.sys
0x0764E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07600000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0760E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0761A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07623000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05C00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07636000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00000000 \SystemRoot\System32\win32k.sys
0x07638000 \SystemRoot\System32\drivers\Dxapi.sys
0x078E5000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x07F0E000 \SystemRoot\system32\drivers\usbaudio.sys
0x07F29000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x07F7B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x07F89000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07F9B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07FA4000 \SystemRoot\system32\drivers\hidusb.sys
0x07FB2000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x07FCB000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x07FE0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07800000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x07814000 \SystemRoot\system32\drivers\kbdhid.sys
0x07822000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x0782B000 \SystemRoot\system32\DRIVERS\point64k.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x00600000 \SystemRoot\System32\cdd.dll
0x07839000 \SystemRoot\system32\drivers\luafv.sys
0x0785C000 \SystemRoot\system32\drivers\WudfPf.sys
0x0787D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07892000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x094AC000 \SystemRoot\system32\drivers\HTTP.sys
0x09575000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09593000 \SystemRoot\System32\drivers\mpsdrv.sys
0x095AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0944E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05C1D000 \SystemRoot\system32\drivers\peauth.sys
0x09472000 \SystemRoot\System32\Drivers\secdrv.SYS
0x078AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0947D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A014000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A07D000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A115000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x0A190000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x774A0000 \Windows\System32\ntdll.dll
0x476A0000 \Windows\System32\smss.exe
0xFF7C0000 \Windows\System32\apisetschema.dll
0xFF1E0000 \Windows\System32\autochk.exe

Processes (total 67):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
452 csrss.exe
524 C:\Windows\System32\wininit.exe
552 csrss.exe
584 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\atiesrxx.exe
956 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
308 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\spoolsv.exe
1376 C:\Windows\System32\svchost.exe
1452 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1480 C:\Windows\System32\atieclxx.exe
1540 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1560 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
1596 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1632 C:\ASUS.SYS\config\DVMExportService.exe
1704 C:\Windows\System32\svchost.exe
1780 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1828 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1840 LVPrS64H.exe
1964 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
1984 C:\Windows\SysWOW64\PnkBstrA.exe
2008 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
1180 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1444 C:\Windows\System32\svchost.exe
2120 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2212 C:\Program Files (x86)\Tunngle\TnglCtrl.exe
2260 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2320 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2880 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2916 C:\Windows\System32\SearchIndexer.exe
3148 C:\Windows\System32\dwm.exe
3252 C:\Windows\explorer.exe
3672 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3688 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3700 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3732 C:\Program Files (x86)\RocketDock\RocketDock.exe
3796 C:\Program Files\uTorrent\uTorrent.exe
3812 C:\Program Files (x86)\Steam\Steam.exe
3532 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3292 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
3424 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4088 C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
4172 C:\Program Files\iPod\bin\iPodService.exe
4856 C:\Windows\System32\svchost.exe
4968 C:\Program Files\Windows Media Player\wmpnetwk.exe
4908 dllhost.exe
3192 C:\Windows\System32\wuauclt.exe
5868 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
5668 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
1960 C:\Windows\System32\audiodg.exe
5176 C:\Program Files (x86)\Opera\opera.exe
6108 C:\Windows\System32\SearchProtocolHost.exe
5332 C:\Windows\System32\SearchFilterHost.exe
156 C:\Users\Steven\Desktop\MBRCheck.exe
2432 C:\Windows\System32\conhost.exe
5588 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD8088AADS-32L5B1, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
753 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
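
The "MBR Code Faked!" verdict above comes from comparing the disk's boot code with known-good code. The Python below is an added example, not part of this thread or of MBRCheck, that reads a 512-byte MBR image (such as the MBR.dat listed in the OTL log), checks the 55AA signature, hashes the 440-byte boot-code region against a trusted baseline and sanity-checks the partition table. Assumptions: the sample sectors, the baseline hash and the partition sizes are constructed; only the C: start at LBA 206848 is derived from the 0x06500000 byte offset in the log, and the region MBRCheck itself hashes is not stated on the page.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code (440..445 hold disk signature + pad)
PART_TABLE_OFF = 446          # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3xB3xII"       # status, CHS (skipped), type, CHS (skipped), LBA start, sectors


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code plus (status, type, lba_start, sectors)
    tuples. Only used to construct the sample sectors for this example."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code          # rest of the boot-code area stays zero
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts (CHS fields are ignored)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                             # unused slot
        entries.append({"status": status, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def analyse_mbr(mbr, trusted_boot_sha1):
    """Check one MBR image: boot signature, boot-code hash against a trusted set,
    and partition-table sanity (status bytes, active count, overlaps)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(mbr)))
    boot_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    parts = parse_partitions(mbr)
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 55AA boot signature")
    if boot_sha1 not in trusted_boot_sha1:
        findings.append("boot code hash not in trusted baseline")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        findings.append("overlapping partitions")
    return {"boot_code_sha1": boot_sha1, "partitions": parts,
            "findings": findings, "verdict": "OK" if not findings else "SUSPICIOUS"}


# --- constructed sample data (not real Windows boot code) ---------------------
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32   # stand-in for clean code
FOREIGN_BOOT_CODE = b"\xeb\xfe" + b"\x00" * 37                     # stand-in for replaced code
# Windows 7 style layout: 100 MB System Reserved at LBA 2048, then C: at LBA 206848
# (= the 0x06500000 byte offset MBRCheck printed, divided by 512). Sizes are constructed.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1_562_617_520)]

CLEAN_MBR = build_mbr(GOOD_BOOT_CODE, LAYOUT)
# In practice the baseline is the hash of a known-good Windows MBR; here it is
# the clean sample's own boot-code hash.
TRUSTED_BOOT_SHA1 = {hashlib.sha1(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest().upper()}


def run_samples():
    """Analyse three constructed sectors: clean, boot code replaced with the
    partition table left intact (the 'MBR Code Faked!' case), and a damaged table."""
    faked = build_mbr(FOREIGN_BOOT_CODE, LAYOUT)
    two_active = build_mbr(GOOD_BOOT_CODE, [(0x80, 0x07, 2048, 204800),
                                             (0x80, 0x07, 2048, 1_562_617_520)])
    return {name: analyse_mbr(sector, TRUSTED_BOOT_SHA1)
            for name, sector in (("clean", CLEAN_MBR), ("faked", faked),
                                 ("two_active", two_active))}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result["verdict"], result["boot_code_sha1"][:12], result["findings"])
```

To inspect a real dump, replace the constructed sectors with `open("MBR.dat", "rb").read()` and the baseline with the hash of a known-good boot sector for the same Windows version.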

jeffce
2011-11-22, 14:55
Hi Cyxee,

Before we do the next step I would like for you to make a backup of all your important documents that you might like to keep...letters, pictures, music...things like that. :) You can save them to an external hard drive, USB drive or CD. Whatever you prefer.

Once you get that done please let me know.

Cyxee
2011-11-23, 02:09
Quick question: are we reformatting?

jeffce
2011-11-23, 02:19
No no...we are going to fix your Master Boot Record. :) It is just a precaution that's all.

Cyxee
2011-11-25, 15:07
Ready :cowboy:

jeffce
2011-11-25, 20:27
Hi Cyxee,


Run MBRCheck.exe
Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Please push the 'Y' key and then press Enter
When the program asks you "Enter your choice:", enter 2 and press the Enter key.
Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
Enter 0 and press the Enter key.
The program will show Available MBR codes:, followed by a list of operating systems. Please enter 5 for Windows 7, and then press Enter.
The program will prompt for confirmation. Type 'YES' and hit Enter.
Left click on the title bar (where program name and path is written).
From the menu choose Edit -> Select All.
Hit the Enter key on your keyboard to copy selected text.
Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
Important! Restart your PC for the fix to take effect.
Post the contents of the MBRCheck results log in your next reply.

-----------------

Now please run MBRCheck again doing the following:

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

--------------

In your next reply please post the contents of the MBRCheck logs that are created. :) If you have any questions let me know.

jeffce
2011-11-28, 14:47
Hi Cyxee,

Do you still need help? :)

Cyxee
2011-11-29, 16:09
I'll be traveling and will not be using this computer for a while (long travel), so I've decided to simply reformat, which I usually do yearly, and leave the computer to the rest of my family to perform basic functions. Anyway, thanks for the help Jeff, much appreciated, even though we didn't completely get rid of all the problems; however the main problems are gone, and the redirect issue I've been tolerating these past 2 weeks, thanks for that hahah :D

jeffce
2011-11-29, 17:21
Hi Cyxee,

Thank you for letting me know. Enjoy your travels. :)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.