iexplorer.exe infected help!

I have wireless enabled, however my computers are hooked up with a wired connection. My other computer does not have this problem.
 
Hi Cyxee,

Let's run a fresh scan with OTL and then post the log that is created into your next reply so that we can get a new look at what is going on.
 
OTL logfile created on: 13/11/2011 7:05:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steven\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.21 Gb Available Physical Memory | 70.33% Memory free
11.98 Gb Paging File | 9.67 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 753.24 Gb Total Space | 144.74 Gb Free Space | 19.22% Space Free | Partition Type: NTFS

Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Steven\AppData\Local\Temp\~9F40.tmp ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7a684c3b60526afb62a0969ada9c94cd\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\cb875f219b526fe6c21c259e6e4c267e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e2c37ffbcb41a3f72dec8c93329a07ad\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d5d26ed41c8fa0c7feb00ef5343299a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d08e6e917f08ef674373576016969a20\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a4a330e92cbd3457b3f00ae367a4bc5f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2807b771372137d41fb8d392a878d0c7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\096f1b3839e7d6dfe2598941329c08dc\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\VMSysPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\UMVPLMutePS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\MRSystemPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\MMSysPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\FxPreviewPS.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/16 19:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 19:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/07 21:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/09/15 16:21:12 | 000,000,000 | ---D | M]

[2011/05/20 17:14:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2010/01/23 21:52:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/28 18:37:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/15 03:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 20:17:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 19:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/09 02:24:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145D26AA-2997-42BB-9E56-802EBB4619D7}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18231C3B-8D00-4CBA-93DB-C293EAC62737}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{568297AF-4271-40E9-815D-51DB323115C4}: DhcpNameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 21:22:20 | 000,000,000 | ---D | C] -- C:\Download
[2011/11/11 21:22:13 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Samsung
[2011/11/11 21:21:03 | 000,000,000 | ---D | C] -- C:\AllSharePhotoSlide
[2011/11/11 21:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/11/11 21:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011/11/11 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\Skyrim
[2011/11/11 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/09 16:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
[2011/11/09 16:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/11/09 02:24:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/09 02:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/09 02:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/11/08 22:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/11/08 22:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2011/11/07 03:59:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/05 19:44:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 19:24:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/05 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\PAYDAY
[2011/11/05 18:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/11/05 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/11/05 18:29:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:45:26 | 003,191,696 | ---- | C] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/04 22:50:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/04 18:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/04 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/04 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/04 02:02:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/04 02:02:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/04 02:02:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/02 22:50:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 22:48:52 | 004,283,620 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/02 13:23:13 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/11/02 02:04:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/01 23:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 19:23:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/01 14:54:40 | 100,299,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 22:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/30 22:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/27 18:56:26 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\loloololol
[2011/10/27 00:47:41 | 000,000,000 | -H-D | C] -- C:\Users\Steven\Documents\Battlefield 3
[2011/10/15 18:51:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/15 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/15 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

========== Files - Modified Within 30 Days ==========

[2011/11/13 18:27:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 16:14:17 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/11/13 16:11:25 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 16:11:25 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 16:04:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 16:03:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 16:03:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/13 16:03:49 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 05:41:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/11/11 22:01:48 | 000,002,114 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/11 21:22:12 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2011/11/11 21:20:22 | 000,002,013 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2011/11/10 02:50:15 | 000,000,221 | ---- | M] () -- C:\Users\Steven\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2011/11/10 00:24:00 | 000,304,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 16:38:41 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk
[2011/11/09 02:24:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/09 02:21:25 | 000,001,068 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/09 02:21:10 | 000,000,869 | ---- | M] () -- C:\Users\Steven\Desktop\ERUNT.lnk
[2011/11/07 21:36:49 | 000,459,264 | ---- | M] () -- C:\Users\Steven\Desktop\CKScanner.exe
[2011/11/07 03:59:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/06 18:37:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/05 23:42:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/05 20:42:55 | 000,000,917 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/11/05 20:42:55 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/11/05 20:31:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/05 20:31:49 | 000,726,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/05 20:31:49 | 000,150,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/05 18:36:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/05 18:27:59 | 004,283,620 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/05 00:45:39 | 003,191,696 | ---- | M] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 07:02:34 | 036,234,186 | ---- | M] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:56 | 001,545,436 | ---- | M] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | M] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 02:05:07 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/02 00:38:31 | 000,000,719 | ---- | M] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | M] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:43:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 20:17:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 17:05:50 | 000,894,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/01 14:55:51 | 100,299,728 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 16:06:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/30 10:07:14 | 000,000,000 | -H-- | M] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/28 11:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/10/25 21:58:06 | 000,885,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/25 20:54:31 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/25 20:53:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/24 20:26:41 | 032,147,858 | ---- | M] () -- C:\Users\Steven\Desktop\SmartSteam_v1.4.1_Incl_Steam_20110909.rar
[2011/10/21 17:29:13 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/17 22:38:30 | 000,000,129 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences2.dat
[2011/10/17 22:38:30 | 000,000,046 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences.dat

========== Files Created - No Company Name ==========

[2011/11/11 21:22:12 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2011/11/11 21:20:22 | 000,002,013 | ---- | C] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2011/11/10 02:50:15 | 000,000,221 | ---- | C] () -- C:\Users\Steven\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2011/11/09 16:38:41 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk
[2011/11/09 02:21:25 | 000,001,068 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/09 02:21:10 | 000,000,869 | ---- | C] () -- C:\Users\Steven\Desktop\ERUNT.lnk
[2011/11/07 21:37:21 | 000,002,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/07 21:36:44 | 000,459,264 | ---- | C] () -- C:\Users\Steven\Desktop\CKScanner.exe
[2011/11/05 18:36:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/04 02:02:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/04 02:02:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/04 02:02:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/04 02:02:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/04 02:02:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/02 13:31:18 | 000,023,347 | ---- | C] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:48 | 001,545,436 | ---- | C] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | C] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 00:38:31 | 000,000,719 | ---- | C] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | C] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:44:55 | 000,302,592 | ---- | C] () -- C:\Users\Steven\Desktop\gmer.exe
[2011/11/01 17:06:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/30 22:35:04 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/30 10:07:14 | 000,000,000 | -H-- | C] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/25 20:54:31 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/24 21:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/07/24 23:35:42 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/16 19:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/29 15:04:36 | 000,000,006 | -H-- | C] () -- C:\Users\Steven\AppData\Roaming\start
[2011/05/16 15:32:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/16 15:32:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/05 17:21:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 19:01:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/30 14:59:57 | 000,000,094 | -H-- | C] () -- C:\Users\Steven\AppData\Local\fusioncache.dat
[2010/09/30 11:47:38 | 000,894,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/08 01:49:25 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/07/27 19:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 19:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 19:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/05/19 23:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/04/26 14:21:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/26 00:09:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/02/10 16:00:42 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/01 22:29:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/01 22:29:49 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/01/23 18:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/23 18:03:27 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/01/23 18:03:27 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/23 17:59:20 | 000,030,911 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/01/23 17:58:36 | 000,021,355 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/12/28 18:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A8E2C33

< End of report >
 
Hi Cyxee,

Let's go ahead and uninstall Internet Explorer and then get a fresh version of Internet Explorer on your system. You should be able to uninstall Internet Explorer from Control Panel >> Programs and Features. Reboot your system after you have done that and then use Firefox to download and install a fresh copy of Internet Explorer 9.

Once you get that completed let me know if the problem persists.
 
Okay, I've uninstalled Internet Explorer completely, and now iexplorer.exe does not appear. Yay, finally a victory! Anyway, I'm still experiencing my web browsers redirecting me to random sites sometimes, and also my email is still messed up (however, I'm not sure if malware is responsible for this).
 
Hi Cyxee,

Go to another computer that you know is clean and then change the passwords on your email accounts. That may help.
-----------

Scan With RootKitUnHooker
  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now Right-click and Run as Administrator on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest. then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
 
RootKitUnHooker will not actually run; I get a message displaying "Sorry, but unhandled exception has occurred, Program will be terminated".

Then a follow-up log:
Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF
 
Hi Cyxee,

Sorry about my delay...I had to work a double shift at work yesterday.
--------------

Kaspersky Virus Removal Tool
  • Please click HERE to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done, it may prompt for action regardless of the setting, so choose delete if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using ctrl + a on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
Haha, it's cool, this post took ages also; I was pretty busy myself. Anyway, I'm unsure where this report file is located; however, for now I will just leave you with the detections report.

Status: Disinfected (events: 10)
19/11/2011 2:34:03 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ei C:\Documents and Settings\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\96325b7-2b867b00 High
19/11/2011 2:34:03 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ei C:\Documents and Settings\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\96325b7-2b867b00/json/Parser.class High
19/11/2011 5:16:28 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.eg C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd.vir High
19/11/2011 5:16:28 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.eg C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd.vir/json/Parser.class High
19/11/2011 5:22:24 AM Disinfected Trojan program Trojan.Win32.Menti.grnu C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir High
19/11/2011 5:22:24 AM Disinfected Trojan program Exploit.Java.CVE-2010-4452.a C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003476.file High
19/11/2011 5:22:24 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.y C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003524.file High
19/11/2011 5:21:21 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.y C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003524.file/tools/Commander.class High
19/11/2011 5:21:21 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.z C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003524.file/tools/XmlStandard.class High
19/11/2011 5:22:24 AM Disinfected Trojan program Trojan.Win32.Menti.grnu C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir/111015185748350-003586.file High
Status: Deleted (events: 1)
19/11/2011 5:18:34 AM Deleted Trojan program Trojan.Win32.Jorik.Fraud.gvl C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f.vir High
 
Hi Cyxee,

RESET ROUTER

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up HERE.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
---------------

Once you get your router reset, let me know what remaining problems you are having. :)
 
I've reset my router, however I'm still experiencing my browser redirecting me to totally random sites sometimes.
 
Hi Cyxee,

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 162):
0x03006000 \SystemRoot\system32\ntoskrnl.exe
0x035EF000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00CD3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D22000 \SystemRoot\system32\PSHED.dll
0x00D36000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00ED9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F7D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0109C000 \SystemRoot\System32\Drivers\spbc.sys
0x011C2000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011CB000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\drivers\ACPI.sys
0x01057000 \SystemRoot\system32\drivers\msisadrv.sys
0x01061000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F8C000 \SystemRoot\system32\drivers\pci.sys
0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
0x01083000 \SystemRoot\system32\drivers\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\system32\drivers\atapi.sys
0x00E96000 \SystemRoot\system32\drivers\ataport.SYS
0x00FBF000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00FDC000 \SystemRoot\system32\drivers\amdxata.sys
0x00D94000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FE7000 \SystemRoot\system32\drivers\fileinfo.sys
0x01257000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014F0000 \SystemRoot\System32\Drivers\msrpc.sys
0x0154E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01569000 \SystemRoot\System32\Drivers\cng.sys
0x015DB000 \SystemRoot\System32\drivers\pcw.sys
0x015EC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01665000 \SystemRoot\system32\drivers\ndis.sys
0x01758000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01870000 \SystemRoot\System32\drivers\tcpip.sys
0x01A74000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01ABE000 \SystemRoot\system32\drivers\volsnap.sys
0x01B0A000 \SystemRoot\System32\Drivers\spldr.sys
0x01B12000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B4C000 \SystemRoot\System32\Drivers\mup.sys
0x01B5E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B67000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BA1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BB7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01828000 \SystemRoot\system32\drivers\cdrom.sys
0x01852000 \SystemRoot\System32\Drivers\Null.SYS
0x0185B000 \SystemRoot\System32\Drivers\Beep.SYS
0x01862000 \SystemRoot\System32\drivers\vga.sys
0x01600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01625000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01635000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0163E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01647000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01652000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01400000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017E3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01422000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01467000 \SystemRoot\system32\drivers\afd.sys
0x017F0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01200000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01226000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01235000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00EC0000 \SystemRoot\system32\drivers\termdd.sys
0x0427E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x042CF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x042DB000 \SystemRoot\system32\drivers\mssmbios.sys
0x042E6000 \SystemRoot\System32\drivers\discache.sys
0x042F5000 \SystemRoot\System32\Drivers\dfsc.sys
0x04313000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04324000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x0432B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04351000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04367000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A63000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05471000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05565000 \SystemRoot\System32\drivers\dxgmms1.sys
0x055AB000 \SystemRoot\system32\drivers\HDAudBus.sys
0x055CF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x055DC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04200000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x043BA000 \SystemRoot\system32\drivers\1394ohci.sys
0x055ED000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04A56000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04257000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04647000 \SystemRoot\System32\Drivers\aq8219n0.SYS
0x0468C000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04695000 \SystemRoot\system32\drivers\CompositeBus.sys
0x046A5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x046BB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x046DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x046EB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0471A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04735000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04756000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04770000 \SystemRoot\system32\DRIVERS\tap0901t.sys
0x0477D000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x0478A000 \SystemRoot\system32\drivers\kbdclass.sys
0x04799000 \SystemRoot\system32\drivers\mouclass.sys
0x047A8000 \SystemRoot\system32\drivers\swenum.sys
0x047AA000 \SystemRoot\system32\drivers\ks.sys
0x047ED000 \SystemRoot\system32\drivers\umbus.sys
0x05CCF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05D29000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x05D34000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05D49000 \SystemRoot\system32\drivers\AtihdW76.sys
0x05D87000 \SystemRoot\system32\drivers\portcls.sys
0x05DC4000 \SystemRoot\system32\drivers\drmk.sys
0x05DE6000 \SystemRoot\system32\drivers\ksthunk.sys
0x0764E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07600000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0760E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0761A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07623000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05C00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07636000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00000000 \SystemRoot\System32\win32k.sys
0x07638000 \SystemRoot\System32\drivers\Dxapi.sys
0x078E5000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x07F0E000 \SystemRoot\system32\drivers\usbaudio.sys
0x07F29000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x07F7B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x07F89000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07F9B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07FA4000 \SystemRoot\system32\drivers\hidusb.sys
0x07FB2000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x07FCB000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x07FE0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07800000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x07814000 \SystemRoot\system32\drivers\kbdhid.sys
0x07822000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x0782B000 \SystemRoot\system32\DRIVERS\point64k.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x00600000 \SystemRoot\System32\cdd.dll
0x07839000 \SystemRoot\system32\drivers\luafv.sys
0x0785C000 \SystemRoot\system32\drivers\WudfPf.sys
0x0787D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07892000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x094AC000 \SystemRoot\system32\drivers\HTTP.sys
0x09575000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09593000 \SystemRoot\System32\drivers\mpsdrv.sys
0x095AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0944E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05C1D000 \SystemRoot\system32\drivers\peauth.sys
0x09472000 \SystemRoot\System32\Drivers\secdrv.SYS
0x078AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0947D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A014000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A07D000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A115000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x0A190000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x774A0000 \Windows\System32\ntdll.dll
0x476A0000 \Windows\System32\smss.exe
0xFF7C0000 \Windows\System32\apisetschema.dll
0xFF1E0000 \Windows\System32\autochk.exe

Processes (total 67):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
452 csrss.exe
524 C:\Windows\System32\wininit.exe
552 csrss.exe
584 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\atiesrxx.exe
956 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
308 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\spoolsv.exe
1376 C:\Windows\System32\svchost.exe
1452 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1480 C:\Windows\System32\atieclxx.exe
1540 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1560 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
1596 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1632 C:\ASUS.SYS\config\DVMExportService.exe
1704 C:\Windows\System32\svchost.exe
1780 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1828 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1840 LVPrS64H.exe
1964 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
1984 C:\Windows\SysWOW64\PnkBstrA.exe
2008 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
1180 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1444 C:\Windows\System32\svchost.exe
2120 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2212 C:\Program Files (x86)\Tunngle\TnglCtrl.exe
2260 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2320 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2880 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2916 C:\Windows\System32\SearchIndexer.exe
3148 C:\Windows\System32\dwm.exe
3252 C:\Windows\explorer.exe
3672 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3688 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3700 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3732 C:\Program Files (x86)\RocketDock\RocketDock.exe
3796 C:\Program Files\uTorrent\uTorrent.exe
3812 C:\Program Files (x86)\Steam\Steam.exe
3532 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3292 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
3424 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4088 C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
4172 C:\Program Files\iPod\bin\iPodService.exe
4856 C:\Windows\System32\svchost.exe
4968 C:\Program Files\Windows Media Player\wmpnetwk.exe
4908 dllhost.exe
3192 C:\Windows\System32\wuauclt.exe
5868 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
5668 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
1960 C:\Windows\System32\audiodg.exe
5176 C:\Program Files (x86)\Opera\opera.exe
6108 C:\Windows\System32\SearchProtocolHost.exe
5332 C:\Windows\System32\SearchFilterHost.exe
156 C:\Users\Steven\Desktop\MBRCheck.exe
2432 C:\Windows\System32\conhost.exe
5588 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD8088AADS-32L5B1, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
753 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
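As an added example (not code from the thread, from MBRCheck or from any tool named here), the following Python script inspects a 512-byte MBR dump such as the MBR.dat on the desktop: it verifies the 0x55AA signature, hashes the boot-code area (the 440 bytes before the disk signature) against an allowlist of known-good hashes, and decodes the partition table. The sample images, the stand-in boot code and the allowlist are all constructed for the demo; the partition layout is chosen so that the second partition lands at byte offset 0x06500000, the offset the log above reports for C:.

```python
"""Inspect a raw 512-byte MBR image and flag boot code that is not allowlisted.

Added example; the allowlist and sample images below are constructed for the
demo. A real allowlist holds SHA1 hashes of genuine vendor boot code taken
from a trusted install, which this script does not know.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, before the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # must be 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


def parse_partitions(mbr: bytes):
    """Decode the four partition entries into dicts (type, LBA start, sectors, byte offset)."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count, "byte_offset": lba * 512})
    return entries


def check_mbr(mbr: bytes, known_good) -> dict:
    """Classify an MBR image as 'invalid', 'known' (allowlisted boot code) or 'unknown'.

    Caveat: a bootkit that hooks disk I/O can hand back a clean-looking sector
    when the MBR is read from inside the infected OS, so 'known' from a dump taken
    on the suspect machine is weaker evidence than 'unknown' is.
    """
    if len(mbr) != MBR_SIZE:
        return {"status": "invalid", "reason": f"expected 512 bytes, got {len(mbr)}"}
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        return {"status": "invalid", "reason": "missing 0x55AA boot signature"}
    digest = sha1_hex(mbr[:BOOT_CODE_LEN])
    used = [p for p in parse_partitions(mbr) if p["sectors"]]
    return {"status": "known" if digest in known_good else "unknown",
            "sha1": digest, "partitions": used}


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte image from boot code and (bootable, type, lba, sectors) tuples."""
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, img, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    img[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(img)


# Constructed stand-in boot code (NOT real Windows code) and a patched variant.
CLEAN_BOOT_CODE = b"\xfa" + b"\x90" * (BOOT_CODE_LEN - 1)
TAMPERED_BOOT_CODE = b"\x90" * BOOT_CODE_LEN

# Constructed Windows 7 style layout: 100 MB System Reserved at LBA 2048, then C:
# at LBA 206848, i.e. byte offset 206848 * 512 = 0x06500000 as in the MBRCheck log.
WIN7_LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1_579_000_000)]

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, WIN7_LAYOUT)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, WIN7_LAYOUT)

# Demo allowlist: the hash of our constructed clean boot code.
KNOWN_GOOD = {sha1_hex(CLEAN_BOOT_CODE)}


def report(name: str, mbr: bytes) -> str:
    """Human-readable summary in the spirit of an MBR checker's output."""
    res = check_mbr(mbr, KNOWN_GOOD)
    lines = [f"{name}: boot code {res['status']}"]
    if res["status"] == "invalid":
        lines.append(f"  reason: {res['reason']}")
        return "\n".join(lines)
    lines.append(f"  SHA1: {res['sha1']}")
    for p in res["partitions"]:
        lines.append(f"  part {p['index']}: type 0x{p['type']:02X} bootable={p['bootable']} "
                     f"LBA {p['lba_start']} ({p['sectors']} sectors) "
                     f"-> byte offset 0x{p['byte_offset']:08X}")
    return "\n".join(lines)


if __name__ == "__main__":
    # To check a real dump: check_mbr(open("MBR.dat", "rb").read(), KNOWN_GOOD)
    print(report("clean", CLEAN_MBR))
    print(report("tampered", TAMPERED_MBR))
    print(report("truncated", CLEAN_MBR[:400]))
```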
 
Hi Cyxee,

Before we do the next step I would like for you to make a backup of all your important documents that you might like to keep...letters, pictures, music...things like that. :) You can save them to an external hard drive, USB drive or CD. Whatever you prefer.

Once you get that done please let me know.
 
Hi Cyxee,

  1. Run MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  3. Please push the 'Y' key and then press Enter
  4. When the program asks you "Enter your choice:", enter 2 and press the Enter key
  5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Enter 0 and press the Enter key.
  7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter 5 for Windows 7, and then press Enter.
  8. The program will prompt for confirmation. Type 'YES' and hit Enter.
  9. Left click on the title bar (where program name and path is written).
  10. From the menu choose Edit -> Select All
  11. Hit the Enter key on your keyboard to copy selected text.
  12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  13. Important! Restart your PC for the fix to take effect.
  14. Post the contents of the MBRCheck results log in your next reply
-----------------

Now please run MBRCheck again doing the following:
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
--------------

In your next reply please post the contents of the MBRCheck logs that are created. :) If you have any questions let me know.
 
I'll be traveling and will not be using this computer for a while (long travel), so I've decided to simply reformat, which I usually do yearly, and leave the computer to the rest of my family to perform basic functions. Anyway, thanks for the help Jeff, much appreciated, even though we didn't completely get rid of all the problems; however, the main problems are gone, and the redirect issue I've been tolerating these past 2 weeks, thanks for that hahah :D
 