Links Re-directing.

[Krakken]

Hi,

I've been having an issue where occasional any links clicked will be re-directed to other sites. Not sure what is going on. I've run Malwarebytes and other scans to try and detect the issue, but it has gone unidentified.

Thank you for any help.

Here are the logs from MBAM and DDS.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Spectre :: YAKUSHI [administrator]

8/13/2012 8:23:01 PM

mbam-log-2012-08-13 (20-23-01).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298633

Time elapsed: 27 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Spectre at 20:24:49 on 2012-08-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.5460 [GMT -4:00]

.

AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\wuauclt.exe

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{394CEBD3-E6FC-4DCD-BCFD-7BD661BAFB31} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{EEFF190A-B9D3-42E3-B686-CC0B71BD1CA3} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Spectre\AppData\Roaming\Mozilla\Firefox\Profiles\gz2xnbvj.default\

FF - prefs.js: browser.startup.homepage - hxxp://clockworkouroboros.com/forums/chat/|http://clockworkouroboros.com/forums/|http://www.teefury.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;C:\windows\system32\DRIVERS\avc3.sys --> C:\windows\system32\DRIVERS\avc3.sys [?]

R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]

R0 gzflt;gzflt;C:\windows\system32\DRIVERS\gzflt.sys --> C:\windows\system32\DRIVERS\gzflt.sys [?]

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-7-16 103504]

R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-1-31 48128]

R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-5-6 8518008]

R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-5-6 567672]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-5 2656280]

R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-7-16 68416]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 avchv;avchv Function Driver;C:\windows\system32\DRIVERS\avchv.sys --> C:\windows\system32\DRIVERS\avchv.sys [?]

R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SPUVCbv;SPUVCb Driver Service;C:\windows\system32\Drivers\usbvideo.sys --> C:\windows\system32\Drivers\usbvideo.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-5 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]

S3 avckf;avckf;C:\windows\system32\DRIVERS\avckf.sys --> C:\windows\system32\DRIVERS\avckf.sys [?]

S3 BDSandBox;BDSandBox;\??\C:\windows\system32\drivers\bdsandbox.sys --> C:\windows\system32\drivers\bdsandbox.sys [?]

S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2012-7-18 544768]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-5 136176]

S3 hidkmdf;KMDF Driver;C:\windows\system32\DRIVERS\hidkmdf.sys --> C:\windows\system32\DRIVERS\hidkmdf.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WacHidRouter;Wacom Hid Router;C:\windows\system32\DRIVERS\wachidrouter.sys --> C:\windows\system32\DRIVERS\wachidrouter.sys [?]

S3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\system32\DRIVERS\wacomrouterfilter.sys --> C:\windows\system32\DRIVERS\wacomrouterfilter.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-06 06:33:46 -------- d-----w- C:\Users\Spectre\AppData\Local\Apple Computer

2012-08-06 06:33:04 -------- d-----w- C:\Users\Spectre\AppData\Local\Apple

2012-07-22 02:22:49 -------- d-----w- C:\Users\Spectre\AppData\Roaming\f-secure

2012-07-22 02:22:41 -------- d-----w- C:\ProgramData\F-Secure

2012-07-18 17:59:34 34304 ----a-w- C:\windows\System32\DfSdkBt.exe

2012-07-18 17:59:34 28160 ----a-w- C:\windows\SysWow64\DfSdkBt32.exe

2012-07-16 17:35:38 76944 ----a-w- C:\windows\System32\drivers\bdvedisk.sys

2012-07-16 17:32:44 79952 ----a-w- C:\windows\System32\drivers\bdsandbox.sys

2012-07-16 17:32:44 511328 ----a-w- C:\windows\capicom.dll

2012-07-16 17:32:40 691896 ----a-w- C:\windows\System32\drivers\avc3.sys

2012-07-16 17:32:40 545064 ----a-w- C:\windows\System32\drivers\avckf.sys

2012-07-16 17:32:37 -------- d-----w- C:\Users\Spectre\AppData\Roaming\Bitdefender

2012-07-16 17:32:35 -------- d-----w- C:\ProgramData\Bitdefender

2012-07-16 17:30:30 138232 ----a-w- C:\windows\System32\drivers\gzflt.sys

2012-07-16 17:30:29 329800 ----a-w- C:\windows\System32\drivers\trufos.sys

2012-07-16 01:35:01 98816 ----a-w- C:\windows\sed.exe

2012-07-16 01:35:01 518144 ----a-w- C:\windows\SWREG.exe

2012-07-16 01:35:01 256000 ----a-w- C:\windows\PEV.exe

2012-07-16 01:35:01 208896 ----a-w- C:\windows\MBR.exe

.

==================== Find3M ====================

.

2012-08-03 02:40:11 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-03 02:40:11 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

.

============= FINISH: 20:25:01.29 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/10/2012 6:56:55 AM

System Uptime: 8/13/2012 2:26:11 PM (6 hours ago)

.

Motherboard: LENOVO | | Emerald Lake

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 422 GiB total, 371.506 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 26.259 GiB free.

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4a9c2fa7-d63f-44c5-a247-bb3289a3739f}

Description: Activision Xbox360 Spyro Portal

Device ID: ROOT\XBOX360USBDEVICE\0000

Manufacturer: Activision

Name: Activision Xbox360 Spyro Portal

PNP Device ID: ROOT\XBOX360USBDEVICE\0000

Service: WinUSB

.

Class GUID:

Description: Photosmart Plus B209a-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer:

Name: Photosmart Plus B209a-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP150: 8/5/2012 3:00:12 AM - Windows Update

RP151: 8/5/2012 4:15:41 AM - Windows Update

RP152: 8/6/2012 2:33:07 AM - Installed Safari

RP153: 8/6/2012 3:00:11 AM - Windows Update

RP154: 8/6/2012 5:20:22 AM - Windows Update

RP155: 8/7/2012 3:00:12 AM - Windows Update

RP156: 8/7/2012 7:44:12 PM - Windows Update

RP157: 8/9/2012 10:51:59 PM - Windows Update

RP158: 8/11/2012 9:36:28 AM - Windows Update

RP159: 8/11/2012 9:55:46 AM - Windows Update

RP160: 8/12/2012 3:00:11 AM - Windows Update

RP161: 8/12/2012 4:28:08 PM - Windows Update

RP162: 8/13/2012 3:00:16 AM - Windows Update

RP163: 8/13/2012 5:11:46 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AIM 7

Apple Software Update

B209a-m

BufferChm

D3DX10

Destinations

DeviceDiscovery

Download Updater (AOL LLC)

Energy Management

Google Chrome

Google Update Helper

GPBaseService2

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Wireless Display

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Lenovo EasyCamera

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo YouCam

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Onekey Theater

OpenOffice.org 3.3

Pokémon Trading Card Game Online

Power2Go

PS_AIO_06_B209a-m_SW_Min

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Safari

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.9

SmartWebPrinting

Snagit 11

SolutionCenter

SpyroDriver

Status

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

UserGuide

VeriFace

WebReg

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

8/13/2012 7:53:59 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

8/13/2012 7:53:59 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

8/10/2012 10:29:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

.

==== End Of File ===========================

[Maniac]

Hello Krakken! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• aswMBR log

[Krakken]

Seems to have found it that time.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.14.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Spectre :: YAKUSHI [administrator]

8/14/2012 12:14:47 PM

mbam-log-2012-08-14 (12-14-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195573

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Spectre\AppData\Roaming\.BitTornado\sp.DLL (Trojan.Cridex) -> Quarantined and deleted successfully.

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-14 12:23:12

-----------------------------

12:23:12.506 OS Version: Windows x64 6.1.7601 Service Pack 1

12:23:12.506 Number of processors: 4 586 0x2A07

12:23:12.506 ComputerName: YAKUSHI UserName:

12:23:16.437 Initialize success

12:24:07.545 AVAST engine defs: 12081400

12:24:21.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

12:24:21.627 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3

12:24:21.651 Disk 0 MBR read successfully

12:24:21.654 Disk 0 MBR scan

12:24:21.725 Disk 0 Windows 7 default MBR code

12:24:21.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048

12:24:21.748 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648

12:24:21.753 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672

12:24:21.879 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888

12:24:22.000 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720

12:24:22.061 Disk 0 scanning C:\windows\system32\drivers

12:24:41.665 Service scanning

12:24:45.019 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5

12:25:12.843 Modules scanning

12:25:12.866 Disk 0 trace - called modules:

12:25:12.887 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys

12:25:12.894 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096b2060]

12:25:12.899 3 CLASSPNP.SYS[fffff88001a6543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800776e050]

12:25:14.680 AVAST engine scan C:\windows

12:25:33.328 AVAST engine scan C:\windows\system32

12:29:41.532 AVAST engine scan C:\windows\system32\drivers

12:29:54.032 AVAST engine scan C:\Users\Spectre

12:36:10.533 AVAST engine scan C:\ProgramData

12:37:49.060 Scan finished successfully

12:44:37.211 Disk 0 MBR has been saved successfully to "C:\Users\Spectre\Desktop\MBR.dat"

12:44:37.271 The log file has been saved successfully to "C:\Users\Spectre\Desktop\aswMBR.txt"

[Krakken]

Unfortunately, I'm still getting re-directed. Very stubborn infection.

[Maniac]

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[Krakken]

Alright, heres the Combofix log.

ComboFix 12-08-14.05 - Spectre 08/15/2012 13:08:25.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6388 [GMT -4:00]

Running from: c:\users\Spectre\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}

FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-15 17:12 . 2012-08-15 17:12 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-15 17:12 . 2012-08-15 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-06 06:33 . 2012-08-06 06:34 -------- d-----w- c:\users\Spectre\AppData\Local\Apple Computer

2012-08-06 06:33 . 2012-08-06 06:33 -------- d-----w- c:\users\Spectre\AppData\Roaming\Apple Computer

2012-08-06 06:33 . 2012-08-06 06:33 -------- d-----w- c:\program files (x86)\Safari

2012-08-06 06:33 . 2012-08-06 06:33 -------- d-----w- c:\programdata\Apple Computer

2012-08-06 06:33 . 2012-08-06 06:33 -------- d-----w- c:\users\Spectre\AppData\Local\Apple

2012-08-06 06:33 . 2012-08-06 06:33 -------- d-----w- c:\programdata\Apple

2012-08-06 06:33 . 2012-08-06 06:33 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-07-22 02:22 . 2012-07-22 02:22 -------- d-----w- c:\users\Spectre\AppData\Roaming\f-secure

2012-07-22 02:22 . 2012-07-22 02:22 -------- d-----w- c:\programdata\F-Secure

2012-07-18 17:59 . 2009-08-25 01:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe

2012-07-18 17:59 . 2009-08-25 01:08 28160 ----a-w- c:\windows\SysWow64\DfSdkBt32.exe

2012-07-18 17:59 . 2012-07-18 17:59 -------- d-----w- c:\program files (x86)\Ashampoo

2012-07-16 17:35 . 2012-07-16 17:35 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2012-07-16 17:32 . 2011-11-17 21:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2012-07-16 17:32 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll

2012-07-16 17:32 . 2012-03-21 00:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-07-16 17:32 . 2012-02-17 20:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-07-16 17:32 . 2012-07-16 17:32 -------- d-----w- c:\users\Spectre\AppData\Roaming\Bitdefender

2012-07-16 17:32 . 2012-07-16 17:33 -------- d-----w- c:\programdata\Bitdefender

2012-07-16 17:30 . 2012-04-11 21:03 138232 ----a-w- c:\windows\system32\drivers\gzflt.sys

2012-07-16 17:30 . 2012-04-24 19:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 06:40 . 2012-04-01 16:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 06:40 . 2012-02-11 02:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-13 07:00 . 2012-06-27 07:13 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2012-05-30 05:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-16_01.46.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-12 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-15 06:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-12 03:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 06:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-12 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 06:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-08-15 16:56 45968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-15 16:56 38092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-02-11 09:57 . 2012-08-15 16:56 11128 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4290451940-2028688034-837825130-1000_UserData.bin

+ 2012-07-18 21:41 . 2012-07-18 17:36 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2009-07-14 05:30 . 2012-06-27 07:15 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-07-16 17:32 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2012-02-10 11:57 . 2012-08-15 06:40 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-02-10 11:57 . 2012-07-12 19:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-02-10 11:57 . 2012-08-15 06:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-02-10 11:57 . 2012-07-12 19:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-12 19:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 06:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-08-14 16:50 99680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-08-06 06:33 . 2012-08-06 06:33 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe

- 2012-07-15 14:49 . 2012-07-15 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-15 16:54 . 2012-08-15 16:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-15 14:49 . 2012-07-15 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-15 16:54 . 2012-08-15 16:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-15 06:40 . 2012-08-15 06:40 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe

+ 2012-04-01 16:30 . 2012-08-15 06:40 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

- 2012-04-01 16:30 . 2012-07-12 03:40 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

- 2009-07-14 02:36 . 2012-07-15 14:54 624352 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-15 17:01 624352 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-15 17:01 106696 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-15 14:54 106696 c:\windows\system32\perfc009.dat

+ 2012-08-15 06:40 . 2012-08-15 06:40 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe

+ 2009-07-14 05:30 . 2012-07-16 17:32 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-06-27 07:15 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:01 . 2012-07-15 10:09 292296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-15 06:40 292296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-02-11 09:46 . 2012-07-15 10:09 657976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4290451940-2028688034-837825130-1000-4096.dat

+ 2012-02-11 09:46 . 2012-07-16 05:58 657976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4290451940-2028688034-837825130-1000-4096.dat

+ 2012-08-06 06:33 . 2012-08-06 06:33 897024 c:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

+ 2012-08-15 06:40 . 2012-08-15 06:40 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

+ 2012-08-15 06:40 . 2012-08-15 06:40 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

+ 2012-02-11 09:46 . 2012-08-14 07:45 1225580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4290451940-2028688034-837825130-1000-12288.dat

- 2012-02-11 09:46 . 2012-06-14 08:02 1225580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4290451940-2028688034-837825130-1000-12288.dat

+ 2012-04-16 18:53 . 2012-04-16 18:53 2323456 c:\windows\Installer\2059a2c.msi

+ 2012-08-15 06:40 . 2012-08-15 06:40 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll

+ 2012-02-11 09:46 . 2012-08-15 06:40 42352312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4290451940-2028688034-837825130-1000-8192.dat

+ 2012-04-25 15:23 . 2012-04-25 15:23 38233600 c:\windows\Installer\2059a30.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]

"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-01-05 329056]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]

R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-25 544768]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 136176]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 13688]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 65912]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 15736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-12 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-01-05 57952]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-01-05 39008]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-01-05 13408]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-01-31 48128]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]

S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-08-01 68416]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-05 29792]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:40]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 04:39]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 04:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2012-01-05 04:29 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-01-05 114688]

"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-01-05 789920]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-05 9769888]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-05 5908928]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-08-01 1528432]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Spectre\AppData\Roaming\Mozilla\Firefox\Profiles\gz2xnbvj.default\

FF - prefs.js: browser.startup.homepage - hxxp://clockworkouroboros.com/forums/chat/|http://clockworkouroboros.com/forums/|http://www.teefury.com/

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-15 13:13:28

ComboFix-quarantined-files.txt 2012-08-15 17:13

ComboFix2.txt 2012-08-14 00:01

ComboFix3.txt 2012-07-16 02:00

.

Pre-Run: 399,458,242,560 bytes free

Post-Run: 399,298,732,032 bytes free

.

- - End Of File - - 6FAAF5255051A088B0C3215D64420567

[Maniac]

To which website you was redirected?

[Krakken]

Nothing specific. Normally an advertising site related to whatever I am searching. It seems random.

[Maniac]

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[Krakken]

The only thing in the log was the following:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

However the scan deleted two things:

C:\Users\Spectre\AppData\Local\{2C1E54D9-CB66-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

C:\Users\Spectre\Downloads\openofficecalc-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined

[Maniac]

What about now?

[Maurice Naggar]

@ krakken

Are you still with us? Have you resolved your issue ?

If we do not hear back from you soon, this thread will be closed.

[Krakken]

Yes! After much testing this seems to have resolved the issue. Thanks.

[Maniac]

Glad I could help!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then delete DDS and aswMBR.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!