Everything posted by McDuff

  1. Absolutely brilliant, thanks for all your help, knowledge and patience. Best wishes. McDuff

  2. Hi. All actions carried out as recommended and still looking good. So, many thanks indeed for all your help, you absolutely cracked it! Cheers, McDuff
  3. You are a star - still working fine! SecurityCheck log follows. McDuff
  4. It was IE. Just tried it for a while and seems to be working much better; no redirects, faster and able to close IE window without hanging. Does this mean it is fixed? McDuff
  5. Hi MrC ComboFix log follows. McDuff.
  6. Apologies MrC - We ran MBAM, Avira, CCleaner and Adwcleaner. Just ran JunkWare Removal Tool, log follows. McDuff
  7. Hi MrC
  8. Hi MrC, good to hear from you - that was quick! Many thanks for your help, log follows: McDuff.
  9. Hi My son has asked me to look at his laptop, which has recently had problems with the browser being redirected to 'Delta Search' and just generally running incredibly slowly. I have run virus checks which have identified and allegedly removed some threats, but it still seems to be operating very slowly on the internet (much faster when in safe mode) so I thought I would ask for some real expert advice. Please see logs below and thanks in advance! McDuff. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 25/12/2010 11:20:34 System Uptime: 21/04/2013 13:37:07 (0 hours ago) . Motherboard: LENOVO | | Base Board Product Name Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 189 GiB total, 82.042 GiB free. D: is FIXED (NTFS) - 29 GiB total, 27.838 GiB free. E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP197: 18/04/2013 23:40:23 - Windows Update RP198: 19/04/2013 10:03:06 - Configured YouCam . ==== Installed Programs ====================== . 
Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.0.1 Avira AntiVir Personal - Free Antivirus Broadcom 802.11 Wireless Driver CCleaner Conexant HD Audio Energy Management Facebook Video Calling 1.2.0.287 Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java™ 6 Update 30 Junk Mail filter update Lenovo DirectShare Lenovo EasyCamera Lenovo OneKey Recovery Lenovo ReadyComm 5 Lenovo ReadyComm 5.0 Service Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MSVCRT Onekey Theater ooVoo OpenOffice.org 3.2 Picasa 3 Power2Go Realtek Ethernet Controller Driver For Windows Vista and Later Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 21/04/2013 13:39:48, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified. 21/04/2013 00:53:06, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.60. The computer with the IP address 192.168.1.141 did not allow the name to be claimed by this computer. 20/04/2013 23:12:43, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
20/04/2013 18:06:53, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 20/04/2013 17:11:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 20/04/2013 17:11:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 20/04/2013 17:03:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 20/04/2013 17:03:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 20/04/2013 17:03:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 20/04/2013 17:03:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 20/04/2013 17:03:13, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. 
Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 21 20/04/2013 17:02:58, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr Wanarpv6 20/04/2013 17:02:56, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 20/04/2013 15:26:07, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 19/04/2013 07:56:55, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. 19/04/2013 03:07:04, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4. 19/04/2013 03:05:58, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5. 19/04/2013 03:04:49, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6. 19/04/2013 03:03:20, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7. 19/04/2013 03:02:02, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8. 18/04/2013 23:04:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 
18/04/2013 23:04:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 18/04/2013 23:04:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect. 18/04/2013 23:04:02, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.17267 Run by dan at 13:49:22 on 2013-04-21 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1911.788 [GMT 1:00] . AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . 
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [drthec] rundll32.exe
uRun: [dilasr] rundll32.exe
uRun: [Facebook Update] "C:\Users\dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\24279676864724F687D2337723175677 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\35B4950393531383 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\35B4959364132303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\4586F6D637F6E6431383131403 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\4586F6D637F6E6531444235343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\6596C6C61676560275966496 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{71959E9F-6ECB-42B1-86B7-DC8FA5E619CC} : NameServer = 10.203.65.68 10.203.65.68
SSODL: WebCheck - <orphaned>
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-4-19 14456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-25 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-25 269480]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2010-12-25 88288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-11 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-11 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-9-11 28176]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-9-11 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-9-11 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-9-11 271872]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-9-11 229456]
R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-9-11 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-9-11 79376]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-9-11 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-9-11 579400]
S3 massfilter;MBB Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2011-7-9 11776]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-9-11 242720]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-9-11 239616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\windows\System32\drivers\zteusbvoice.sys [2011-7-9 121344]
S3 ZTEusbwwan;ZTE MBN Miniport;C:\windows\System32\drivers\ZTEusbwwan.sys [2011-7-9 233472]
.
=============== Created Last 30 ================
.
2013-04-20 21:45:39 -------- d-----w- C:\Users\dan\AppData\Local\Apps
2013-04-20 21:45:38 -------- d-----w- C:\Users\dan\AppData\Local\Deployment
2013-04-19 11:53:43 -------- d-----w- C:\Users\dan\AppData\Roaming\LavasoftStatistics
2013-04-19 11:47:05 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-04-19 11:46:53 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-04-19 11:46:51 -------- d-----w- C:\Users\dan\AppData\Roaming\SecureSearch
2013-04-19 11:45:51 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys
2013-04-19 08:50:47 -------- d-----w- C:\windows\pss
2013-04-19 00:12:48 -------- d-----w- C:\Program Files\CCleaner
2013-04-18 22:25:52 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F1E9854-2971-4D69-93C0-BEA7F0FBE04F}\mpengine.dll
2013-04-18 22:25:18 3138048 ----a-w- C:\windows\System32\mstscax.dll
2013-04-18 22:25:17 2691072 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-04-18 22:25:15 44032 ----a-w- C:\windows\System32\tsgqec.dll
2013-04-18 22:25:15 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2013-04-18 22:25:15 158208 ----a-w- C:\windows\System32\aaclient.dll
2013-04-18 22:25:15 131072 ----a-w- C:\windows\SysWow64\aaclient.dll
2013-04-18 22:23:57 3902312 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-18 22:23:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-04-18 22:23:56 3958120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-18 22:23:56 112640 ----a-w- C:\windows\System32\smss.exe
2013-04-18 22:23:54 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-10 11:10:06 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-04-10 11:09:16 -------- d-----w- C:\Users\dan\AppData\Local\Programs
2013-04-10 11:07:36 -------- d-----w- C:\Users\dan\AppData\Roaming\Malwarebytes
2013-04-10 11:07:25 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-10 11:07:23 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-04-10 11:07:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-09 21:21:12 -------- d-----w- C:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-04 20:51:04 -------- d-----w- C:\Program Files\Enigma Software Group
2013-04-04 20:49:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-26 23:08:40 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-03-19 06:19:35 5497688 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-12 23:39:58 73432 ------w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 23:39:58 693976 ------w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 00:10:56 282744 ------w- C:\windows\System32\MpSigStub.exe
2013-03-02 05:49:19 1198080 ----a-w- C:\windows\System32\wininet.dll
2013-03-02 05:43:16 57856 ----a-w- C:\windows\System32\licmgr10.dll
2013-03-02 05:06:05 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2013-03-02 04:38:33 482816 ----a-w- C:\windows\System32\html.iec
2013-03-02 04:03:34 386048 ----a-w- C:\windows\SysWow64\html.iec
2013-03-02 03:56:13 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2013-03-02 03:30:45 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2013-03-02 03:29:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-03-01 03:32:29 3150848 ----a-w- C:\windows\System32\win32k.sys
2013-01-24 05:41:03 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
.
============= FINISH: 13:50:13.51 ===============