Redirect Virus

[incognitoguy]

Hello, it seems that MBAM can't catch it. Here are the relevant logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Yang at 21:29:07 on 2012-03-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.3962 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\SysWOW64\svchost.exe -k netsvcs

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\StarCraft II\Versions\Base21029\SC2.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uStart Page = hxxp://lenovo.msn.com

mStart Page = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spotify] "C:\Users\Yang\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [snp2uvc] C:\windows\vsnp2uvc.exe

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\34963736F67423936353 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\35247413532373 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\C4965784F6D656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\E416E6369764C656473686562723 : DhcpNameServer = 192.168.1.254 192.168.100.100

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [snp2uvc] C:\windows\vsnp2uvc.exe

mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\74m69dyo.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 1b499069-3cb4-41ff-b58c-64298c5e9f74

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,

.

============= SERVICES / DRIVERS ===============

.

R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-24 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-17 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-24 2253120]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-24 2656280]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]

R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]

R3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\system32\DRIVERS\btwdpan.sys --> C:\windows\system32\DRIVERS\btwdpan.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\system32\DRIVERS\jmccgp.sys --> C:\windows\system32\DRIVERS\jmccgp.sys [?]

R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\system32\Drivers\jmcam.sys --> C:\windows\system32\Drivers\jmcam.sys [?]

R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\system32\Drivers\jmcam_lo.sys --> C:\windows\system32\Drivers\jmcam_lo.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]

S2 CLKMSVC10_3A60B698;CyberLink Product - 2011/11/24 11:34:20;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-07 17:18:09 33856 ---ha-w- C:\windows\System32\hamachi.sys

2012-03-07 17:18:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-03-06 20:14:00 -------- d-----w- C:\Users\Yang\AppData\Roaming\NVIDIA

2012-03-06 19:38:45 -------- d-----w- C:\Mass Effect 3

2012-03-06 19:35:22 0 --sha-w- C:\windows\System32\dds_trash_log.cmd

2012-03-06 19:34:15 -------- d-----we C:\windows\system64

2012-03-06 09:51:20 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08570133-14AD-443D-A352-2863FA38173F}\mpengine.dll

2012-03-03 03:46:17 -------- d-----w- C:\Program Files (x86)\Cisco

2012-03-03 03:45:34 -------- d--h--w- C:\windows\System32\WLANProfiles

2012-03-03 03:43:02 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2012-03-02 17:26:20 -------- d-----w- C:\Users\Yang\AppData\Roaming\Lenovo

2012-03-02 17:26:18 -------- d-----w- C:\ProgramData\Lenovo

2012-03-02 16:58:59 -------- d-----w- C:\Program Files (x86)\Nero

2012-03-02 02:15:09 -------- d-----w- C:\Users\Yang\AppData\Local\{49BDD6C6-A02B-409F-9EAA-5CA45DF4F785}

2012-03-02 02:14:52 -------- d-----w- C:\Users\Yang\AppData\Local\{C9DC93A2-C41B-436F-A2E3-1A004D415ED8}

2012-03-01 06:29:45 -------- d-----w- C:\Users\Yang\AppData\Local\CyberLink

2012-02-17 05:31:09 -------- d-----w- C:\Users\Yang\AppData\Roaming\TeamViewer

2012-02-17 05:28:01 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-02-15 14:46:53 -------- d-----w- C:\Users\Yang\AppData\Local\Spotify

2012-02-15 14:46:44 -------- d-----w- C:\Users\Yang\AppData\Roaming\Spotify

2012-02-15 00:38:18 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-02-15 00:38:18 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

2012-02-15 00:38:17 515584 ----a-w- C:\windows\System32\timedate.cpl

2012-02-15 00:38:17 478720 ----a-w- C:\windows\SysWow64\timedate.cpl

2012-02-15 00:38:16 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-02-15 00:38:15 498688 ----a-w- C:\windows\System32\drivers\afd.sys

2012-02-15 00:38:13 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll

2012-02-15 00:38:13 634880 ----a-w- C:\windows\System32\msvcrt.dll

2012-02-14 23:40:04 -------- d-----w- C:\Users\Yang\AppData\Roaming\EndNote

2012-02-14 23:39:23 -------- d-----w- C:\Program Files (x86)\Common Files\Risxtd

2012-02-14 23:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft

2012-02-14 23:38:59 -------- d-----w- C:\Program Files (x86)\EndNote X5

2012-02-14 23:38:36 -------- d-----w- C:\ProgramData\Thomson.ResearchSoft.Installers

2012-02-12 21:13:52 -------- d-----w- C:\Users\Yang\AppData\Local\Windows Live

2012-02-12 21:13:13 -------- d-----w- C:\Users\Yang\AppData\Local\{4F4F153A-C8D9-44A4-8AB5-728C540F9752}

2012-02-12 21:13:13 -------- d-----w- C:\Users\Yang\AppData\Local\{0784551C-10B6-49BD-B1E4-D921B4122102}

.

==================== Find3M ====================

.

2012-03-07 21:10:18 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-03 19:27:25 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-01-21 14:53:54 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys

2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

.

============= FINISH: 21:30:08.25 ===============

Attach.txt

DDS.txt

[LDTate]

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

• Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  
• Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  
• Consider what other private information could possibly have been taken from your computer and take appropriate steps
  
• Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!