May have redirect virus?

April 29, 2011 at 07:06:20
Specs: Windows 7 64
When opening Gmail, it appears IE9 is in an endless loop... Win 7 64. Here are the files; it doesn't appear to allow attachments?

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 9:43:42.41 on Fri 04/29/2011
Internet Explorer: 9.0.8112.16421
.
============== Running Processes ===============
.
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWow64\perfhost.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe
C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\program files (x86)\asus\asus live update\alu.exe
C:\program files (x86)\asus\controldeck\controldeckstartup.exe
C:\program files (x86)\asus\wireless console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\program files (x86)\asus\atk package\atk media\dmedia.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7ETPM6X\Mats_Run.ieperformance.exe
C:\Users\Owner\Downloads\exeHelper.com
C:\Users\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
mURLSearchHooks: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\tbRoad.dll
mURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: {78875F5C-A685-4405-8DC5-D48DC65452B0} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\tbRoad.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Conime] %windir%\system32\conime.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: blackboard.com\waynecc
Trusted Zone: campuscruiser.com\prod
Trusted Zone: course.com\sam2007
Trusted Zone: course.com\sam2007sm
Trusted Zone: google.com\mail
Trusted Zone: microsoft.com\update
Trusted Zone: waynecc.edu\blackboard
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
BHO-X64: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB-X64: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
.
============= SERVICES / DRIVERS ===============
.
R? BTCOM;Bluetooth Serial port driver
R? btwl2cap;Bluetooth L2CAP Service
R? Cloud Drive Optimiser;Cloud Drive Optimiser
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? ivusb;Initio Driver for USB Default Controller
R? LMIRescue_0026b2d8-c00e-4db1-bc6d-44c192212387;LogMeIn Rescue (0026b2d8-c00e-4db1-bc6d-44c192212387)
R? MpNWMon;Microsoft Malware Protection Network Driver
R? NisSrv;Microsoft Network Inspection
R? pwdrvio;pwdrvio
R? pwdspio;pwdspio
R? SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver
R? TsUsbFlt;TsUsbFlt
R? vwifimp;Microsoft Virtual WiFi Miniport Service
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? AdvancedSystemCareService;Advanced SystemCare Service
S? AFBAgent;AFBAgent
S? Application Updater;Application Updater
S? ASMMAP64;ASMMAP64
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? BTCOMBUS;Bluetooth Serial Port Bus Service
S? BtHidBus;Bluetooth HID Bus Service
S? btnetBUs;Bluetooth PAN Bus Service
S? ETD;ELAN PS/2 Port Input Device
S? FreeAgentGoNext Service;Seagate Service
S? ftpsvc;Microsoft FTP Service
S? HECIx64;Intel(R) Management Engine Interface
S? Impcd;Impcd
S? IntcDAud;Intel(R) Display Audio
S? IS360service;IS360service
S? IvtBtBUs;IVT Bluetooth Bus Service
S? JMCR;JMCR
S? JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits)
S? Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service
S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
S? lullaby;lullaby
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? osppsvc;Office Software Protection Platform
S? PxHlpa64;PxHlpa64
S? RDPDISPM;RDPDISPM
S? SmartDefragDriver;SmartDefragDriver
S? Soluto;Soluto
S? SolutoService;Soluto PCGenome Core Service
S? UNS;Intel(R) Management & Security Application User Notification Service
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2011-04-29 07:46:30 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{6740C9A2-43C2-40DD-B0E7-5EBED0C17537}\mpengine.dll
2011-04-28 15:04:39 -------- dc----w- C:\Temp
2011-04-27 22:06:20 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 22:06:19 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 22:06:18 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 22:06:18 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-26 15:22:47 -------- d-----w- C:\PROGRA~3\{A2A58654-12AA-408A-B411-58A76959BE7F}
2011-04-26 13:25:44 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2011-04-26 13:25:44 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-04-26 13:25:44 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-04-26 13:24:51 32136 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2011-04-26 13:24:51 18232 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2011-04-25 06:32:51 -------- d-----w- C:\Users\Owner\AppData\Local\WindowsForUs
2011-04-25 06:10:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Soluto
2011-04-25 03:03:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\Folding@home-x86
2011-04-25 03:03:29 -------- d-----w- C:\Program Files (x86)\Folding@home
2011-04-25 02:41:30 -------- d-----w- C:\Program Files (x86)\ieSpell
2011-04-25 02:36:40 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2011-04-25 02:36:03 -------- d-----w- C:\Program Files\Soluto
2011-04-25 02:33:58 -------- d-----w- C:\Program Files (x86)\Camtech
2011-04-25 02:32:35 -------- d-----w- C:\PROGRA~3\Soluto
2011-04-25 02:09:12 51712 ----a-w- C:\Program Files\Common Files\System\uninstall.exe
2011-04-25 02:09:07 -------- d-----w- C:\Program Files\WinBubble
2011-04-24 23:02:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\Uniblue
2011-04-14 12:17:06 -------- dc----w- C:\My Web Sites
2011-04-14 02:07:49 -------- d-----w- C:\Users\Owner\AppData\Local\{BDFA5888-78A1-4EEA-B362-01A12C5859BD}
2011-04-14 02:06:30 -------- d-----w- C:\Windows\en
2011-04-14 02:03:50 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-04-14 02:03:35 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-04-14 02:03:32 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\26c4946d1cbfa4803\InstallManager_WLE_WLE.exe
2011-04-14 02:02:10 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f5f4096e1cbfa4702\MeshBetaRemover.exe
2011-04-14 00:42:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\Roxio Log Files
2011-04-13 14:07:44 -------- d-----w- C:\Program Files (x86)\WinHTTrack
2011-04-13 14:07:27 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-13 14:07:26 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-13 14:03:18 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-04-13 14:03:11 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-13 14:03:11 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-13 14:03:10 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-13 14:03:10 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-13 14:03:03 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-13 14:03:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-13 14:03:03 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-13 14:03:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-04-13 14:03:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-04-13 14:03:01 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-04-13 14:03:01 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-04-13 14:01:44 -------- d-----w- C:\Program Files\Bruce Street Pty Ltd
2011-04-13 14:00:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-13 14:00:06 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-13 14:00:05 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-13 14:00:02 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-13 14:00:01 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-13 14:00:00 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-04-13 13:59:59 605552 ----a-w- C:\Windows\System32\winload.exe
2011-04-13 13:59:59 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-04-13 13:59:59 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-04-13 13:59:58 642944 ----a-w- C:\Windows\System32\winload.efi
2011-04-13 13:59:58 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-04-13 13:59:58 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-04-13 13:56:43 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-04-13 13:38:06 -------- d-----w- C:\Program Files (x86)\Evernote
2011-04-13 05:37:17 -------- d-----w- C:\Windows\CheckSur
2011-04-13 05:28:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-13 05:28:30 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-13 05:28:30 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-13 05:28:30 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-13 03:46:20 -------- d-----w- C:\Program Files (x86)\Add-ins
2011-04-07 13:59:16 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{8A7703AA-7103-4E6C-978C-5FF09B98F7E9}\gapaengine.dll
2011-04-07 01:37:22 -------- d-----w- C:\Users\Owner\AppData\Local\{C4B1DF8C-9789-4F91-9BF1-DDA4308FC950}
2011-04-07 01:23:44 -------- d-----w- C:\Program Files (x86)\Apex Software
2011-04-07 00:58:47 -------- d-----w- C:\Program Files (x86)\Advanced PDF Password Remover 5.0
2011-04-06 03:40:06 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-04-06 03:39:47 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-04-06 03:39:47 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-04-05 00:51:51 -------- d-----w- C:\Program Files (x86)\FreeApps
2011-04-04 17:37:09 -------- d-----w- C:\PROGRA~3\FreeApp
2011-04-04 15:42:43 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-04-04 15:01:11 -------- d-----w- C:\Windows\SysWow64\kodak
2011-04-04 14:45:09 -------- d-----w- C:\Windows\SysWow64\spool
.
==================== Find3M ====================
.
2011-04-29 01:12:38 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-04-25 19:47:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-25 00:16:54 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-04-01 01:48:09 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 19:50:38 12067528 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 12:03:16 142848 ----a-w- C:\Windows\System32\EKIJCOINST12.dll
2011-03-03 11:57:58 613376 ----a-w- C:\Windows\System32\EKIJ5000MON.dll
2011-02-25 19:19:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-25 19:19:10 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-23 15:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 14:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-11 23:25:56 162328 ----a-w- C:\Windows\System32\igfxtray.exe
2011-02-11 23:25:50 509976 ----a-w- C:\Windows\System32\igfxsrvc.exe
2011-02-11 23:25:46 417304 ----a-w- C:\Windows\System32\igfxpers.exe
2011-02-11 23:25:44 223768 ----a-w- C:\Windows\System32\igfxext.exe
2011-02-11 23:25:38 386584 ----a-w- C:\Windows\System32\hkcmd.exe
2011-02-11 23:25:38 3157528 ----a-w- C:\Windows\System32\GfxUI.exe
2011-02-11 23:25:36 152600 ----a-w- C:\Windows\System32\difx64.exe
2011-02-11 23:21:06 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2302.dll
2011-02-11 23:16:38 6549504 ----a-w- C:\Windows\System32\igdumd64.dll
2011-02-11 23:16:38 10628640 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2011-02-11 23:15:08 874048 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2011-02-11 23:15:08 874048 ----a-w- C:\Windows\System32\igkrng575.bin
2011-02-11 23:12:16 4967424 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2011-02-11 23:09:48 571904 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2011-02-11 23:07:50 4722176 ----a-w- C:\Windows\System32\igd10umd64.dll
2011-02-11 23:04:40 4411392 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2011-02-11 22:59:00 15035392 ----a-w- C:\Windows\System32\ig4icd64.dll
2011-02-11 22:51:10 11039744 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2011-02-11 22:47:04 88064 ----a-w- C:\Windows\System32\igfxrsky.lrc
2011-02-11 22:47:04 87552 ----a-w- C:\Windows\System32\igfxrtrk.lrc
2011-02-11 22:47:04 87552 ----a-w- C:\Windows\System32\igfxrslv.lrc
2011-02-11 22:47:02 88576 ----a-w- C:\Windows\System32\igfxresn.lrc
2011-02-11 22:47:02 88064 ----a-w- C:\Windows\System32\igfxrrus.lrc
2011-02-11 22:47:02 87552 ----a-w- C:\Windows\System32\igfxrsve.lrc
2011-02-11 22:47:02 87040 ----a-w- C:\Windows\System32\igfxrtha.lrc
2011-02-11 22:47:00 88064 ----a-w- C:\Windows\System32\igfxrptg.lrc
2011-02-11 22:47:00 88064 ----a-w- C:\Windows\System32\igfxrplk.lrc
2011-02-11 22:47:00 87552 ----a-w- C:\Windows\System32\igfxrptb.lrc
2011-02-11 22:47:00 87552 ----a-w- C:\Windows\System32\igfxrnor.lrc
2011-02-11 22:45:40 108544 ----a-w- C:\Windows\System32\hccutils.dll
2011-02-11 22:45:32 119808 ----a-w- C:\Windows\System32\gfxSrvc.dll
2011-02-11 22:45:30 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2011-02-11 22:45:30 272896 ----a-w- C:\Windows\System32\igfxdev.dll
2011-02-11 22:45:04 87552 ----a-w- C:\Windows\System32\igfxrenu.lrc
2011-02-11 22:45:00 830464 ----a-w- C:\Windows\System32\igfxress.dll
2011-02-11 22:45:00 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2011-02-11 22:41:28 23552 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2011-02-11 22:40:38 228864 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2011-02-11 22:35:00 208896 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2011-02-11 22:35:00 206336 ----a-w- C:\Windows\System32\iglhsip64.dll
2011-02-11 22:35:00 188416 ----a-w- C:\Windows\System32\iglhcp64.dll
2011-02-11 22:35:00 147456 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 9:47:42.70 ===============

==== Installed Programs ======================
.
Absolute Poker
Acrobat.com
Add-in Information Lister
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced PDF Password Remover 5.0
Advanced SystemCare 4
aioscnnr
Apex PDF Password & Restrictions Remover 2.3.8.2
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_U_Series_Screensaver
ATK Package
avast! Free Antivirus
Bing Bar
Bing Bar Platform
Boingo Wi-Fi
CCScore
center
CNET TechTracker
Conduit Engine
ControlDeck
Coupon Printer for Windows
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
DFX for Windows Media Player
eReg
ESSBrwr
ESSCDBK
ESScore
essentials
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Evernote v. 4.3
Express Gate
Facebook Plug-In
FILEminimizer Pictures
FinePixViewer Ver.5.5
Folding@home-x86
FreeApps
Full Tilt Poker
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hidden Utilities XP
ieSpell
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
IObit Security 360
IObit Toolbar v4.3
Java Auto Updater
Java(TM) 6 Update 24
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
KODAK AiO Software
Kodak EasyShare software
KODAK Share Button App
ksDIP
LastPass (uninstall only)
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MiniTool Partition Wizard Home Edition 5.2
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
ocr
OfotoXMI
PC Connectivity Solution
PeaZip 3.6
Photo Filter Factory 9.01 : Image Processor 9.01
Picasa 3
PreReq
QuickTime
RCA Detective™ 2.0.0.99
RCA Digital Voice Manager 5.1.1.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Reference Point Template ver: Word 2010, MLA 7th Ed.
Road Runner Toolbar
Roxio Burn
Roxio Roxio Burn
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Seagate Manager Installer
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SFR
SHASTA
skin0001
SKINXSDK
Smart Defrag 2
staticcr
Switch Sound File Converter
TWC Customer Controls
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VPRINTOL
WinBubble
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinHTTrack Website Copier 3.44-1
WIRELESS
Wireless Console 3
Yahoo! Toolbar
.
==== End Of File ===========================
exeHelper by Raktor
Build 20100414
Run at 09:35:59 on 04/29/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 09:37:28 on 04/29/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--




#1
April 29, 2011 at 09:02:29
Anti-virus and Anti-malware programs may prevent the tools we need to use from fixing an infected system. Please disable (temporarily) any Anti-virus and Anti-malware programs you have running: Right click the program's Taskbar icon, or access each program through Start - Programs to disable.

Next, please download TDSSKiller from the following link:
http://support.kaspersky.com/downlo...
Save it to the Desktop.

If you cannot download the file, the malware may be blocking the attempt. You need to download the file to a clean computer and then transfer it to the infected one using a USB flash drive, or external media (an external drive or a CD).

Once the file is on the Desktop, right-click on the TDSSKiller.exe icon and select: Rename.
Name it a random name with a .com extension. For example: jaws.com

Now, double-click on the renamed file to launch it. If you receive a warning from Publisher: Kaspersky Lab asking if you want to run the file, click on the Run button to allow TDSSKiller to run.

When TDSSKiller starts, it displays the welcome screen.
Click on the Start Scan button.

When the scan finishes it displays a results screen stating whether or not the infection was found on your computer.

To remove the infection, click on the Continue button. If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button. Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

When TDSSKiller finishes cleaning the infection, a report stating whether or not it was successful is shown.

>>Please provide the report in your reply.<<

If TDSSKiller requires a reboot to finish the cleaning process, click on: Reboot Now


Next, start the computer in Safe Mode with Networking by tapping the F8 key while it boots, and selecting this option.

Download one of these files: iExplore.exe or eXplorer.exe. These files are renamed copies of RKill:
http://www.bleepingcomputer.com/dow...

Save the file selected to the Desktop, and double-click on it. (For Vista/Windows 7, select: Run as Administrator)
Ignore any messages, and allow the file to run until the command window closes.

Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon). Save to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program. (For Vista/Windows 7, select: Run as Administrator)

Run Malwarebytes’ Anti-Malware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.

>>Please post the TDSSKiller and the Malwarebytes logs in your reply so we can see where we are at, and plan any additional removal strategy, if necessary.<<

