Help, I need somebody ...

[McDuff]

Hi

My son has asked me to look at his laptop, which has recently had problems with the browser being redirected to 'Delta Search' and just generally running incredibly slowly.

I have run virus checks which have identified and allegedly removed some threats, but it still seems to be operating very slowly on the internet (much faster when in safe mode) so I thought I would ask for some real expert advice.

Please see logs below and thanks in advance!

McDuff.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 25/12/2010 11:20:34

System Uptime: 21/04/2013 13:37:07 (0 hours ago)

.

Motherboard: LENOVO | | Base Board Product Name

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 189 GiB total, 82.042 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 27.838 GiB free.

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP197: 18/04/2013 23:40:23 - Windows Update

RP198: 19/04/2013 10:03:06 - Configured YouCam

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.0.1

Avira AntiVir Personal - Free Antivirus

Broadcom 802.11 Wireless Driver

CCleaner

Conexant HD Audio

Energy Management

Facebook Video Calling 1.2.0.287

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java™ 6 Update 30

Junk Mail filter update

Lenovo DirectShare

Lenovo EasyCamera

Lenovo OneKey Recovery

Lenovo ReadyComm 5

Lenovo ReadyComm 5.0 Service

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MSVCRT

Onekey Theater

ooVoo

OpenOffice.org 3.2

Picasa 3

Power2Go

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

21/04/2013 13:39:48, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.

21/04/2013 00:53:06, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.60. The computer with the IP address 192.168.1.141 did not allow the name to be claimed by this computer.

20/04/2013 23:12:43, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

20/04/2013 18:06:53, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

20/04/2013 17:11:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

20/04/2013 17:11:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

20/04/2013 17:03:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

20/04/2013 17:03:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

20/04/2013 17:03:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

20/04/2013 17:03:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

20/04/2013 17:03:13, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 21

20/04/2013 17:02:58, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr Wanarpv6

20/04/2013 17:02:56, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

20/04/2013 15:26:07, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

19/04/2013 07:56:55, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

19/04/2013 03:07:04, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.

19/04/2013 03:05:58, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

19/04/2013 03:04:49, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6.

19/04/2013 03:03:20, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

19/04/2013 03:02:02, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.

18/04/2013 23:04:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

18/04/2013 23:04:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

18/04/2013 23:04:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

18/04/2013 23:04:02, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.17267

Run by dan at 13:49:22 on 2013-04-21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1911.788 [GMT 1:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\System32\WUDFHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.co.uk/

uSearch Bar = Preserve

uSearch Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [drthec] rundll32.exe

uRun: [dilasr] rundll32.exe

uRun: [Facebook Update] "C:\Users\dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\24279676864724F687D2337723175677 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\35B4950393531383 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\35B4959364132303 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\4586F6D637F6E6431383131403 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\4586F6D637F6E6531444235343 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{6DCF3059-EB20-49FB-A298-D43BB53A599E}\6596C6C61676560275966496 : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{71959E9F-6ECB-42B1-86B7-DC8FA5E619CC} : NameServer = 10.203.65.68 10.203.65.68

SSODL: WebCheck - <orphaned>

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-4-19 14456]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-25 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-25 269480]

R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2010-12-25 88288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-11 13336]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-11 2320920]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-9-11 28176]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-9-11 56344]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-9-11 158976]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-9-11 271872]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]

R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-9-11 229456]

R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-9-11 11280]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-9-11 79376]

S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]

S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]

S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-9-11 509192]

S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-9-11 579400]

S3 massfilter;MBB Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2011-7-9 11776]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-9-11 242720]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-9-11 239616]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S3 ZTEusbvoice;ZTE VoUSB Port;C:\windows\System32\drivers\zteusbvoice.sys [2011-7-9 121344]

S3 ZTEusbwwan;ZTE MBN Miniport;C:\windows\System32\drivers\ZTEusbwwan.sys [2011-7-9 233472]

.

=============== Created Last 30 ================

.

2013-04-20 21:45:39 -------- d-----w- C:\Users\dan\AppData\Local\Apps

2013-04-20 21:45:38 -------- d-----w- C:\Users\dan\AppData\Local\Deployment

2013-04-19 11:53:43 -------- d-----w- C:\Users\dan\AppData\Roaming\LavasoftStatistics

2013-04-19 11:47:05 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-04-19 11:46:53 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-04-19 11:46:51 -------- d-----w- C:\Users\dan\AppData\Roaming\SecureSearch

2013-04-19 11:45:51 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys

2013-04-19 08:50:47 -------- d-----w- C:\windows\pss

2013-04-19 00:12:48 -------- d-----w- C:\Program Files\CCleaner

2013-04-18 22:25:52 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F1E9854-2971-4D69-93C0-BEA7F0FBE04F}\mpengine.dll

2013-04-18 22:25:18 3138048 ----a-w- C:\windows\System32\mstscax.dll

2013-04-18 22:25:17 2691072 ----a-w- C:\windows\SysWow64\mstscax.dll

2013-04-18 22:25:15 44032 ----a-w- C:\windows\System32\tsgqec.dll

2013-04-18 22:25:15 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll

2013-04-18 22:25:15 158208 ----a-w- C:\windows\System32\aaclient.dll

2013-04-18 22:25:15 131072 ----a-w- C:\windows\SysWow64\aaclient.dll

2013-04-18 22:23:57 3902312 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-04-18 22:23:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-04-18 22:23:56 3958120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-04-18 22:23:56 112640 ----a-w- C:\windows\System32\smss.exe

2013-04-18 22:23:54 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-04-10 11:10:06 -------- d-----w- C:\ProgramData\VirtualizedApplications

2013-04-10 11:09:16 -------- d-----w- C:\Users\dan\AppData\Local\Programs

2013-04-10 11:07:36 -------- d-----w- C:\Users\dan\AppData\Roaming\Malwarebytes

2013-04-10 11:07:25 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-10 11:07:23 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-04-10 11:07:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-09 21:21:12 -------- d-----w- C:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP

2013-04-04 20:51:04 -------- d-----w- C:\Program Files\Enigma Software Group

2013-04-04 20:49:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-03-26 23:08:40 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-03-19 06:19:35 5497688 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-12 23:39:58 73432 ------w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 23:39:58 693976 ------w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-03-12 00:10:56 282744 ------w- C:\windows\System32\MpSigStub.exe

2013-03-02 05:49:19 1198080 ----a-w- C:\windows\System32\wininet.dll

2013-03-02 05:43:16 57856 ----a-w- C:\windows\System32\licmgr10.dll

2013-03-02 05:06:05 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2013-03-02 04:38:33 482816 ----a-w- C:\windows\System32\html.iec

2013-03-02 04:03:34 386048 ----a-w- C:\windows\SysWow64\html.iec

2013-03-02 03:56:13 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2013-03-02 03:30:45 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll

2013-03-02 03:29:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-03-01 03:32:29 3150848 ----a-w- C:\windows\System32\win32k.sys

2013-01-24 05:41:03 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys

.

============= FINISH: 13:50:13.51 ===============

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic:

Click on the

Follow This Topic Button

(at the top right of this page), make sure that the

Receive notification

box is checked and that it is set to

Instantly

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[McDuff]

Hi MrC, good to hear from you - that was quick!

Many thanks for your help, log follows:

McDuff.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : dan [Admin rights]

Mode : Scan -- Date : 04/21/2013 14:32:20

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{71959E9F-6ECB-42B1-86B7-DC8FA5E619CC} : NameServer (10.203.65.68 10.203.65.68) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{71959E9F-6ECB-42B1-86B7-DC8FA5E619CC} : NameServer (10.203.65.68 10.203.65.68) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2250BH G2 +++++

--- User ---

[MBR] 0dcc363c3572b8827e157bd91cfba153

[bSP] d182c015d2717a3e7b920a7b17d75d36 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 193473 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 396644352 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 457453568 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04212013_02d1432.txt >>

RKreport[1]_S_04212013_02d1432.txt

[MrCharlie]

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

[McDuff]

Hi MrC

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 14:42:55

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : dan - DAN-PC

# Boot Mode : Normal

# Running from : C:\Users\dan\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17267

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6822 octets] - [20/04/2013 17:53:47]

AdwCleaner[R2].txt - [934 octets] - [20/04/2013 18:20:28]

AdwCleaner[R3].txt - [765 octets] - [21/04/2013 14:42:55]

AdwCleaner[s1].txt - [299 octets] - [20/04/2013 17:54:39]

AdwCleaner[s2].txt - [6834 octets] - [20/04/2013 18:07:58]

########## EOF - C:\AdwCleaner[R3].txt - [943 octets] ##########

[MrCharlie]

You should have said you already ran that.

Have you run JunkWare Removal Tool?

MrC

[McDuff]

Apologies MrC - We ran MBAM, Avira, CCleaner and Adwcleaner.

Just ran JunkWare Removal Tool, log follows.

McDuff

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.7 (04.21.2013:1)

OS: Windows 7 Home Premium x64

Ran by dan on 21/04/2013 at 15:03:01.83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] "C:\windows\s.bat"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/04/2013 at 15:06:01.16

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[MrCharlie]

OK....Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[McDuff]

Hi MrC

ComboFix log follows.

McDuff.

ComboFix 13-04-20.02 - dan 21/04/2013 15:26:44.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1911.824 [GMT 1:00]

Running from: c:\users\dan\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))

.

.

2013-04-21 14:31 . 2013-04-21 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-21 14:02 . 2013-04-21 14:02 -------- d-----w- c:\windows\ERUNT

2013-04-21 14:02 . 2013-04-21 14:02 -------- d-----w- C:\JRT

2013-04-21 13:38 . 2013-04-21 13:38 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F1E9854-2971-4D69-93C0-BEA7F0FBE04F}\offreg.dll

2013-04-20 21:45 . 2013-04-20 21:45 -------- d-----w- c:\users\dan\AppData\Local\Apps

2013-04-20 21:45 . 2013-04-20 21:45 -------- d-----w- c:\users\dan\AppData\Local\Deployment

2013-04-19 11:53 . 2013-04-19 11:53 -------- d-----w- c:\users\dan\AppData\Roaming\LavasoftStatistics

2013-04-19 11:47 . 2013-04-19 11:47 -------- d-----w- c:\programdata\Downloaded Installations

2013-04-19 11:46 . 2013-04-19 11:46 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2013-04-19 11:46 . 2013-04-19 11:46 -------- d-----w- c:\users\dan\AppData\Roaming\SecureSearch

2013-04-19 11:45 . 2013-04-19 11:45 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-04-19 00:12 . 2013-04-19 00:12 -------- d-----w- c:\program files\CCleaner

2013-04-18 22:25 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F1E9854-2971-4D69-93C0-BEA7F0FBE04F}\mpengine.dll

2013-04-18 22:25 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll

2013-04-18 22:25 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-18 22:25 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-18 22:25 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll

2013-04-18 22:25 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-18 22:25 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-18 22:23 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-18 22:23 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-18 22:23 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-18 22:23 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-18 22:23 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 11:10 . 2013-04-10 11:11 -------- d-----w- c:\programdata\VirtualizedApplications

2013-04-10 11:09 . 2013-04-10 11:09 -------- d-----w- c:\users\dan\AppData\Local\Programs

2013-04-10 11:07 . 2013-04-10 11:07 -------- d-----w- c:\users\dan\AppData\Roaming\Malwarebytes

2013-04-10 11:07 . 2013-04-10 11:07 -------- d-----w- c:\programdata\Malwarebytes

2013-04-10 11:07 . 2013-04-10 11:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-10 11:07 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-09 21:21 . 2013-04-09 21:21 -------- d-----w- c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP

2013-04-04 20:51 . 2013-04-04 20:51 -------- d-----w- c:\program files\Enigma Software Group

2013-04-04 20:49 . 2013-04-04 20:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-03-26 23:08 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-18 22:42 . 2010-12-25 12:41 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-03-12 23:39 . 2012-11-02 19:51 693976 ------w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-12 23:39 . 2011-12-23 14:40 73432 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 00:10 . 2011-01-28 16:28 282744 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-08 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]

R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-04-19 11776]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 121344]

R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-04-19 233472]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-19 14456]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-08-15 136360]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-08-06 229456]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP

<NO NAME> REG_SZ

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 23:40]

.

2013-04-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3418974506-388243347-3989109831-1000Core.job

- c:\users\dan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 23:23]

.

2013-04-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3418974506-388243347-3989109831-1000UA.job

- c:\users\dan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 23:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2010-09-11 12:14 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]

"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.co.uk/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{71959E9F-6ECB-42B1-86B7-DC8FA5E619CC}: NameServer = 10.203.65.68 10.203.65.68

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-drthec - (no file)

Wow6432Node-HKCU-Run-dilasr - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-21 15:34:28

ComboFix-quarantined-files.txt 2013-04-21 14:34

.

Pre-Run: 87,799,230,464 bytes free

Post-Run: 87,367,467,008 bytes free

.

- - End Of File - - 74A4AD51C48E58318E9A40BA383F97C3

[MrCharlie]

What browsers are being redirected??

MrC

[McDuff]

It was ie.

Just tried it for a while and seems to be working much better; no redirects, faster and able to close ie window without hanging.

Does this mean it is fixed?

McDuff

[MrCharlie]

I hope so, use it and see....

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt.
  
• Please Post the contents of that document.
  
• Do Not Attach It!!!
  

MrC

[McDuff]

You are a star - still working fine!

SecurityCheck log follows.

McDuff

Results of screen317's Security Check version 0.99.62

Windows 7 x64

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AntiVir Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 30

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

[MrCharlie]

I'll keep the post open for a while in case there's a problem.

---------------

Out dated programs on the system are vulnerable to malware.

Please update or uninstall them:

Java™ 6 Update 30 <---please uninstall from add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Un-check the box to install the Ask toolbar!!! and any other free "stuff".

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

-------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[McDuff]

Hi

All actions carried out as recommended and still looking good.

So, many thanks indeed for all your help, you absolutely cracked it!

Cheers

McDuff

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!