Solved Firefox redirecting about 1/4 of my links (virus?)

jezzag
I've had this redirect virus for a while now. I've tried a lot of different software: Malwarebytes Anti-Malware, Norton (that I get free through my university), and Advanced System Care 5.

Since getting this "virus" about 3 weeks ago (and before checking out this forum), I've installed several new programs, have run Advanced System Care 5's registry scan and cleaner, and have made several restore points. (I know the forum said that this shouldn't be done, so I wanted to let you guys know.)

The Malwarebytes program didn't find any malware. But I installed this program when I first started having an issue back on 2-27-12. I do have a log from the 1st run of the program. If you guys want this log I can post it.

Also, the GMER scan did not produce a log.

Here are the logs:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Groth :: GROTH-THINK [administrator]

3/13/2012 7:26:29 AM
mbam-log-2012-03-13 (07-26-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215629
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Groth at 7:38:51 on 2012-03-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3979.2157 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Users\Groth\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcWmaxSvr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
R:\140066.enu\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006604090000"
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Groth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Groth\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Groth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D96FE6C0-182A-40C7-80C3-48F5C75E0713} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46}\26F626269716E646D656768616E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46}\45E445 : DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46}\7484347657563747 : DhcpNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46}\8435C4340275962756C6563737 : DhcpNameServer = 144.92.202.58 144.92.202.59
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46}\A457A4572456567237 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{FE6C258F-63E7-4164-8930-6F3590DCBB46}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Notification Packages = scecli ACGina
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Groth\AppData\Roaming\Mozilla\Firefox\Profiles\njgkb3ho.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://www.weather.com/weather/today/Madison+WI+53705
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-19 497496]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-6 498688]
R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-2-21 41832]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-2-3 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-2-21 60264]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-2-3 133992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2214504]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-9-28 446592]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-12 379496]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-3-29 1839888]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-2-3 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-2-3 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-28 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-6 986112]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-10 138360]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?]
R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?]
R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?]
R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?]
R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-9-28 478056]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-28 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-2-21 175168]
S3 swg3kflt01;Sierra Wireless USB Composite Device Filter Driver 01;C:\Windows\system32\DRIVERS\swg3kflt01.sys --> C:\Windows\system32\DRIVERS\swg3kflt01.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-13 12:25:38 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-13 12:25:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-10 19:44:44 -------- d-----w- C:\Users\Groth\AppData\Roaming\foobar2000
2012-03-10 19:44:40 -------- d-----w- C:\Program Files (x86)\foobar2000
2012-03-04 15:53:06 -------- d-----w- C:\Users\Groth\AppData\Roaming\OpenOffice.org
2012-03-04 15:52:04 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-02-29 15:05:01 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-02-28 02:08:51 -------- d-----w- C:\Users\Groth\AppData\Roaming\Malwarebytes
2012-02-28 02:08:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-28 01:44:50 -------- d-----w- C:\59172177595d2796d147
2012-02-22 15:30:52 -------- d-----w- C:\Users\Groth\AppData\Local\Intel WiDi
2012-02-21 18:01:31 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-02-21 18:01:31 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-02-21 13:51:07 -------- d-----w- C:\Users\Groth\AppData\Roaming\NVIDIA
2012-02-19 13:32:16 23896 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-19 13:26:00 -------- d-----w- C:\ProgramData\IObit
2012-02-19 13:25:48 -------- d-----w- C:\Users\Groth\AppData\Roaming\IObit
2012-02-19 13:25:38 -------- d-----w- C:\Program Files (x86)\IObit
2012-02-19 09:12:04 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-19 09:12:04 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-19 09:07:22 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-19 09:07:22 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-19 09:06:37 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-19 09:05:37 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-19 09:04:55 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-19 09:04:55 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 02:12:26 -------- d-----w- C:\Program Files\iTunes
2012-02-16 02:12:26 -------- d-----w- C:\Program Files\iPod
2012-02-16 02:12:26 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-13 16:05:53 -------- d-----w- C:\Users\Groth\AppData\Local\GPSENABLER
.
==================== Find3M ====================
.
2012-03-04 04:35:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 20:57:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 7:39:04.33 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2011 7:06:03 PM
System Uptime: 3/12/2012 9:45:30 PM (10 hours ago)
.
Motherboard: LENOVO | | 4177CTO
Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz | CPU | 2574/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 44.084 GiB free.
Q: is FIXED (NTFS) - 16 GiB total, 6.581 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: NVIDIA NVS 4200M
Device ID: PCI\VEN_10DE&DEV_1057&SUBSYS_21D017AA&REV_A1\4&2E7E2E60&0&0008
Manufacturer: NVIDIA
Name: NVIDIA NVS 4200M
PNP Device ID: PCI\VEN_10DE&DEV_1057&SUBSYS_21D017AA&REV_A1\4&2E7E2E60&0&0008
Service: nvlddmkm
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Centrino(R) Advanced-N 6250 AGN
Device ID: PCI\VEN_8086&DEV_0089&SUBSYS_13118086&REV_5E\4&8C6C5B2&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) Centrino(R) Advanced-N 6250 AGN
PNP Device ID: PCI\VEN_8086&DEV_0089&SUBSYS_13118086&REV_5E\4&8C6C5B2&0&00E1
Service: NETwNs64
.
==== System Restore Points ===================
.
RP40: 3/4/2012 8:28:13 AM - IObit Uninstaller restore point
RP41: 3/4/2012 8:30:29 AM - IObit Uninstaller restore point
RP42: 3/4/2012 8:30:35 AM - Removed Quicken 2012.
RP43: 3/4/2012 8:31:35 AM - IObit Uninstaller restore point
RP44: 3/4/2012 8:33:09 AM - IObit Uninstaller restore point
RP45: 3/4/2012 9:50:35 AM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
RP46: 3/4/2012 9:50:49 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP47: 3/4/2012 9:51:37 AM - Installed Java(TM) 6 Update 22
RP48: 3/4/2012 9:51:54 AM - Installed OpenOffice.org 3.3
RP49: 3/11/2012 9:35:40 PM - Scheduled Checkpoint
RP50: 3/12/2012 6:33:15 AM - IObit Uninstaller restore point
RP51: 3/12/2012 6:33:26 AM - Removed OpenOffice.org 3.3
RP52: 3/12/2012 7:01:15 AM - IObit Uninstaller restore point
.
==== Hosts File Hijack ======================
.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
µTorrent
Advanced SystemCare 5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Batch PPTX to PPT Converter
Burn.Now 4.5
Compatibility Pack for the 2007 Office system
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
Direct DiscRecorder
DivX Setup
Dropbox
Evernote v. 4.5.2
foobar2000 v1.1.11
Foxit Reader 5.1
Garmin USB Drivers
Garmin WebUpdater
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.0.74.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) WiDi
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Junk Mail filter update
Lenovo Mobile Broadband Activation
Lenovo Patch Utility
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Message Center Plus
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Thunderbird 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Stereoscopic 3D Driver
RapidBoot
RICOH Media Driver v2.10.18.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sierra Wireless QMI Lenovo Driver Package
Spotify
System Update
ThinkPad Power Manager
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage GPS
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Verizon Wireless Mobile Broadband Self Activation
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 12:20:35 PM, Error: Microsoft-Windows-Smartcard-Server [616] - Reader monitor 'Lenovo Integrated Smart Card Reader 0' received uncaught error code: Access is denied.
3/8/2012 12:20:35 PM, Error: Microsoft-Windows-Smartcard-Server [615] - Reader removal monitor error retry threshold reached: Access is denied.
3/12/2012 8:15:45 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/12/2012 8:12:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80091e3010, 0xfffff8801062d42c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031212-30950-01.
3/11/2012 4:31:25 PM, Error: nvlddmkm [14] -
.
==== End Of File ===========================

I really appreciate any help!
 
Welcome to TechSpot! I'll be glad to help but I need for you to understand the how and why we give directions:

First, I advise you to remove Advanced System Care. This is basically a registry cleaner and we do not advise anyone to use a registry cleaner. The risks far outweigh any small benefit you might get. If you choose not to uninstall this, please disable the program completely. Some of what we will do will concern the registry and having a registry cleaner working in the background is not to your advantage.

Second, please disable CCleaner, for some of the same reasons as above. Other cleaning programs may delete the temporary internet files. Some rogue programs store shortcuts for your programs there, so if they are removed, you may have to find each program and reset it.

You are being redirected because your Hosts file has been hijacked. But the entries don't read like the usual European or Asian hijackers. Are you using any private network?
========================================
Regarding following our instructions: We do not tell you not to set a restore point. We tell you not to do a System Restore. However, if there is malware on the system and you set a restore point, it will most likely have malware in it. As far as IOBIT setting restore points, I don't know where that program stores their restore points. If it's within their program, at the end of cleaning when I have you set a new, clean restore point and drop the old ones, I don't know if the IOBIT points will be found.
====================================
Let's go ahead with the following:
I'd like you to uninstall the Malwarebytes program you have now, then download new, update and run a Full Scan:

Download Link for Malwarebytes
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
When the scan has finished, you will see a scan-complete message box:

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
=================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
After you have run Combofix, go on to the following:
Please run this Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code:
File::
DDS::
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe

Then drag CFScript.txt onto ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
======================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Please leave all logs in your next reply: Mbam Full Scan, Combofix, CFFix, Eset, CKScan.
======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
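The diagnosis above hinges on one thing: the Hosts file is consulted before DNS, so an entry that maps a public hostname to some other machine silently sends every request for that name there, and it survives `ipconfig /flushdns`. The following is an added example, not part of the original thread or of any tool used in it, showing how to audit a Windows hosts file for exactly that pattern. The sample hosts content is constructed here for the example: the six mapping lines are the ones the DDS/ComboFix output above reported, and the comment header plus the two harmless 127.0.0.1 / 0.0.0.0 blocking entries are added so the parser has to tell a sinkhole entry apart from a real redirect. Nothing is claimed about who operates the two target addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file (see lead-in): the six mapping lines come from
# the log posted above; the header and the two blocking entries are added here.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1   ad.doubleclick.net      # typical ad-blocking entry: harmless
0.0.0.0     tracker.example.net     # unspecified address: also harmless
67.215.245.19   www.google-analytics.com
67.215.245.19   ad-emea.doubleclick.net
67.215.245.19   www.statcounter.com
108.163.215.51  www.google-analytics.com
108.163.215.51  ad-emea.doubleclick.net
108.163.215.51  www.statcounter.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file.

    Comments ('#' to end of line) and blank lines are skipped, one line may map
    an address to several names, and a trailing dot on a name (the way DDS
    prints them) is normalised away. Lines whose first field is not an IP
    address are ignored, which is what the Windows resolver does with them.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield line_no, ip, name.rstrip(".").lower()


def classify(ip):
    """'block' for a sinkhole address, 'private' for LAN space, else 'public'.

    Accepts an ipaddress object or a string. A 'private' redirect is worth a
    question (a local proxy or filter box?), a 'public' one is a hijack unless
    the user put it there on purpose.
    """
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"


def find_redirects(text):
    """Return every hosts entry that sends a name somewhere other than a
    sinkhole address, i.e. every entry that actually redirects traffic."""
    found = []
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip)
        if kind == "block":
            continue
        found.append({"line": line_no, "ip": str(ip), "name": name, "kind": kind})
    return found


def group_by_target(redirects):
    """Map each redirect target address to the sorted names pointed at it."""
    groups = defaultdict(set)
    for r in redirects:
        groups[r["ip"]].add(r["name"])
    return {ip: sorted(names) for ip, names in groups.items()}


def report(text):
    """Human-readable summary, one line per target address."""
    redirects = find_redirects(text)
    if not redirects:
        return "no redirecting hosts entries"
    lines = []
    for ip, names in sorted(group_by_target(redirects).items()):
        lines.append(f"{ip} ({classify(ip)}): {', '.join(names)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On a live Windows machine, read the real file instead of the sample:
    #   %SystemRoot%\System32\drivers\etc\hosts
    print(report(SAMPLE_HOSTS))
```

Run against the sample it reports two public addresses, each standing in for the same three analytics and advertising hostnames, which is the shape of what the CFScript above was written to strip out: a legitimate blocking list would point those names at 127.0.0.1 or 0.0.0.0, not at a routable host. Because the file is read before any DNS query, flushing the resolver cache or resetting the router does nothing to these entries; they have to be removed from the file itself, which is why the Hosts:: section of the script comes first in the cleanup order.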
 
You are being redirected because your Hosts file has been hijacked. But the entries don't read like the usual European or Asian hijackers. Are you using any private network?

I never installed any private network. So no, I don't think I'm using a private network. I don't know whether or not this is relevant, but I'm having trouble sharing my files from this computer (my laptop) with my other computer. If I hook up my laptop via a wired connection, my files are shared successfully.

I'll try out your steps outlined above and update you on my results
 
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Groth :: GROTH-THINK [administrator]

Protection: Disabled

3/13/2012 11:17:57 AM
mbam-log-2012-03-13 (11-17-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331661
Time elapsed: 20 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ComboFix 12-03-13.01 - Groth 03/13/2012 12:54:57.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3979.2277 [GMT -5:00]
Running from: c:\users\Groth\Desktop\ComboFix.exe
Command switches used :: c:\users\Groth\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 18:02 . 2012-03-13 18:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 18:02 . 2012-03-13 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 18:02 . 2012-03-13 18:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-13 16:16 . 2012-03-13 16:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 16:16 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 19:44 . 2012-03-13 16:15 -------- d-----w- c:\users\Groth\AppData\Roaming\foobar2000
2012-03-10 19:44 . 2012-03-10 19:44 -------- d-----w- c:\program files (x86)\foobar2000
2012-03-04 15:53 . 2012-03-04 15:53 -------- d-----w- c:\users\Groth\AppData\Roaming\OpenOffice.org
2012-03-04 15:52 . 2012-03-12 11:34 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-02-29 15:05 . 2012-03-11 14:00 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-02-28 02:08 . 2012-02-28 02:08 -------- d-----w- c:\users\Groth\AppData\Roaming\Malwarebytes
2012-02-28 02:08 . 2012-02-28 02:08 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 01:44 . 2012-02-28 01:44 -------- d-----w- C:\59172177595d2796d147
2012-02-22 15:30 . 2012-02-22 15:30 -------- d-----w- c:\users\Groth\AppData\Local\Intel WiDi
2012-02-21 18:01 . 2012-02-21 18:01 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-02-21 18:01 . 2012-02-21 18:01 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-02-21 13:51 . 2012-02-21 13:51 -------- d-----w- c:\users\Groth\AppData\Roaming\NVIDIA
2012-02-19 13:32 . 2011-12-30 23:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-19 13:26 . 2012-02-19 13:26 -------- d-----w- c:\programdata\IObit
2012-02-19 13:25 . 2012-02-29 15:48 -------- d-----w- c:\users\Groth\AppData\Roaming\IObit
2012-02-19 13:25 . 2012-02-19 13:25 -------- d-----w- c:\program files (x86)\IObit
2012-02-19 09:12 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-19 09:12 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 09:07 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-19 09:07 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-19 09:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-19 09:05 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-19 09:04 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-19 09:04 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 02:12 . 2012-02-16 02:12 -------- d-----w- c:\program files\iTunes
2012-02-16 02:12 . 2012-02-16 02:12 -------- d-----w- c:\program files (x86)\iTunes
2012-02-16 02:12 . 2012-02-16 02:12 -------- d-----w- c:\program files\iPod
2012-02-13 16:05 . 2012-02-13 16:06 -------- d-----w- c:\users\Groth\AppData\Local\GPSENABLER
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 04:35 . 2012-01-25 14:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 20:57 . 2012-01-07 20:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_17.38.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-03-13 17:40 38488 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-11 00:03 . 2012-03-13 17:40 7416 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1699539174-4049867383-3466198633-1002_UserData.bin
+ 2012-03-13 17:38 . 2012-03-13 17:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" [2012-01-04 3208032]
"Xvid"="c:\program files (x86)\xvid\checkupdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-03-29 115624]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"iTunesHelper"="c:\program files (x86)\itunes\ituneshelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\common files\java\java update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\divx\divx update\divxupdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" [2011-11-02 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Groth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Groth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 swg3kflt01;Sierra Wireless USB Composite Device Filter Driver 01;c:\windows\system32\DRIVERS\swg3kflt01.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-06 498688]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-07-22 41832]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-07-22 60264]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-06 986112]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-03-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-07-22 42344]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-15 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 144.92.202.58 144.92.202.59
FF - ProfilePath - c:\users\Groth\AppData\Roaming\Mozilla\Firefox\Profiles\njgkb3ho.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://www.weather.com/weather/today/Madison+WI+53705
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-13 13:04:59
ComboFix-quarantined-files.txt 2012-03-13 18:04
ComboFix2.txt 2012-03-13 17:40
.
Pre-Run: 44,902,502,400 bytes free
Post-Run: 44,617,175,040 bytes free
.
- - End Of File - - 0A280F063B93F6E5689AABD7950D91B8
------------------------------------------------
Edit: Duplicate of above Combofix log deleted by Bobbye

No Eset Smart Installer log - nothing found

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.XDAPNS
----- EOF -----
 
Okay, let's do this:

You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now, holding the reset button again, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
 
I did a DNS Flush and followed your protocol for resetting the router, however I forgot to turn off my other computer. Unfortunately I'm now out of town at a conference until this Sunday.

I'll do a DNS flush, router reset, rerun MBAM, and post my results this Sunday.

Thanks for your help.
 
Okay, thanks for letting me know. Just start over and follow all the steps in order.
 
Sorry for the delay, my flight back home was cancelled. I'm back in town now and will post my new results within the hour
 
Done, no malware found

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Groth :: GROTH-THINK [administrator]

Protection: Enabled

3/20/2012 7:19:50 AM
mbam-log-2012-03-20 (07-19-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344465
Time elapsed: 14 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
You were very specific in saying "about 1/4 of links in Firefox are being redirected."

That's not really consistent with a true redirect. Monitor the type of sites that are redirecting- could they be secure sites? In the event of no malware, I suspect this is going to be caused by a system setting, or a lack of a setting, such as SSL and TLS.
 
I will monitor type of sites that are redirecting. I can look into the SSL and TLS, but I wouldn't know what to look for with system settings.
 
Be sure not to leave hyperlinks to any redirected sites. Since only a few get directed, I'm just looking for file type rather than domain.

Just so we're clear on a 'redirect':

You type a word in the Google search box in Firefox> Google hits come up for you to choose> you select certain site but that site isn't what comes up> instead, you are redirected to some other, unrelated site.

If you get "server not found" in Firefox, that is not redirect> that is a connection or server or site problem, not a redirect.

It is unusual just to have 1/4 of the links not giving what you want. If these happen to be links from Bookmarks or shortcuts for instance, the links may no longer be good.
 
Yes it was a clear 'redirect'. It was happening mostly when I was looking through google news, the links I clicked were taking me to other sites.

I've been paying close attention & I have to say that I have not seen any redirects since Monday. I just was on google news and read a lot of articles for the past hour and haven't gotten one redirect.

Thanks!
 
I'd like you to run SuperantiSpyware:


SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2012 at 07:27 AM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type : Complete Scan
Total Scan Time : 00:20:37

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 825
Memory threats detected : 0
Registry items scanned : 71051
Registry threats detected : 0
File items scanned : 55248
File threats detected : 17

Adware.Tracking Cookie
C:\Users\Groth\AppData\Roaming\Microsoft\Windows\Cookies\VBGZPREV.txt [ /collective-media.net ]
C:\Users\Groth\AppData\Roaming\Microsoft\Windows\Cookies\DD175WXO.txt [ /invitemedia.com ]
C:\Users\Groth\AppData\Roaming\Microsoft\Windows\Cookies\HQ7483UX.txt [ /accounts.google.com ]
C:\Users\Groth\AppData\Roaming\Microsoft\Windows\Cookies\5ROLE0MT.txt [ /ads.bleepingcomputer.com ]
C:\USERS\GROTH\Cookies\VBGZPREV.txt [ Cookie:groth@collective-media.net/ ]
C:\USERS\GROTH\Cookies\DD175WXO.txt [ Cookie:groth@invitemedia.com/ ]
C:\USERS\GROTH\Cookies\HQ7483UX.txt [ Cookie:groth@accounts.google.com/ ]
adimages.scrippsnetworks.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
core.insightexpressai.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
ia.media-imdb.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
media.mtvnservices.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
media.socialvibe.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
msnbcmedia.msn.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
objects.tremormedia.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
s0.2mdn.net [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
secure-us.imrworldwide.com [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
stat.easydate.biz [ C:\USERS\GROTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DV5WDD4U ]
 
You can eliminate those Tracking Cookies by having SAS remove the ones present now, then resetting Cookies as follows:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
An FYI for you: I checked some of the sites visited and am passing this on: I use a site advisor, Web of Trust (WOT). It rates sites on 4 categories. If a site is known to be a bad site, I get a warning and the site won't load unless I bypass the warning. (I highly recommend putting WOT on the system so the link is embedded)

1. <secure-us.imrworldwide dot com gives the following>: This site has a poor reputation based on user ratings.
2. <collective-media dot net> several entries:
Here is the best description of Tracking I've found:
a domain used by Collective which is an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site.
Sites like collective-media.net can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like collective-media.net as well as being sold to other advertisers and marketers.

The reasoning behind this is supposed to be that by tracking you, it can be determined which are the best ads for you to see. Of course, like everything else on the internet, some can be more innocuous than others.

I also notice Flash objects from these sites. Malware frequently comes with Flash, so the fewer, the better.

These come from 3rd party Cookies so blocking them will prevent most. Using plugins like AdBlockPlus and Easy List will also add more filters to keep the trash out.
====================================
I advise taking Registry Defrag off of boot. I further advise removing Advanced System Care. This is mostly a registry cleaner, which we do not recommend to anyone.
======================================
Last scan: First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
I followed your advice and installed those Firefox add-ons and removed Advanced System Care. I don't know how to take "registry defrag" off boot. I'm not sure what that is.

Here's the results of HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:27 AM, on 3/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Users\Groth\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
R:\140066.enu\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\HijackThis\HijackThis.exe
C:\Users\Groth\AppData\Local\Temp\Temp1_HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [DivXUpdate] "c:\program files (x86)\divx\divx update\divxupdate.exe" /checknow
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006604090000"
O4 - HKCU\..\Run: [Xvid] c:\program files (x86)\xvid\checkupdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1699539174-4049867383-3466198633-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1699539174-4049867383-3466198633-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Groth\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Sierra Wireless QDL Service (GobiQDLService) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14340 bytes
 
Did the redirect resolve after you ran the first CFScript and reset the router?

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\RegistryDefragBootTime.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe 
Folder::
C:\59172177595d2796d147
c:\programdata\IObit
c:\users\Groth\AppData\Roaming\IObit
c:\program files (x86)\IObit
DDS::
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"=-
Driver::
AdvancedSystemCareService5

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Please update Java to v6u31: Java Updates . Be sure you have uninstalled v6u22 in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.
===========================================
How is the system doing now? HijackThis is okay.
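Bobbye reads the HijackThis log above section by section (BHOs, autoruns, Winsock LSP, AppInit_DLLs, services) before signing off on it. As an added example, not code from the thread or from HijackThis itself, here is a small Python triage pass over that log format that applies the same reviewer habits; the heuristics are my own assumptions, and the sample log mixes lines from the thread with two constructed entries (`Updater`, `Example Svc`) so that a hit is visible. The "(file missing)" suppression for System32 paths reflects a known quirk: the 32-bit HijackThis cannot see 64-bit System32 binaries on x64 Windows.

```python
import re

# Every HijackThis entry is "<code> - <body>", where <code> is the section
# (R0/R1 = IE URLs, O2 = BHOs, O4 = autoruns, O10 = Winsock LSP,
# O20 = AppInit_DLLs, O23 = services). Header lines do not match.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 bodies look like "HKCU\..\Run: [Name] command line"
O4_RE = re.compile(r"^.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Path fragments a reviewer treats as user-writable (assumed heuristic).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# The 32-bit HijackThis cannot see 64-bit binaries here on x64 Windows,
# so "(file missing)" for a service under these dirs is a known false positive.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample: lines taken from the thread's log plus two made-up
# entries ("Updater" autorun and "Example Svc") that a reviewer would flag.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Xvid] c:\program files (x86)\xvid\checkupdate.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Groth\AppData\Local\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Example Svc - Unknown owner - C:\Users\Groth\AppData\Roaming\svc.exe
"""


def parse_hjt_log(text):
    """Return (section_code, body) tuples for every entry line in the log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _user_writable(path):
    return any(frag in path for frag in USER_WRITABLE)


def _split_service(body):
    """'Service: name - owner - path' -> (name, owner, path); splitting from
    the right keeps display names that contain spaces intact."""
    parts = body[len("Service: "):].rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else (body, "", "")


def triage(entries):
    """Apply reviewer heuristics; returns (severity, code, detail) tuples.
    'suspicious' needs a closer look, 'review' is just listed for the reviewer."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if code == "O4":
            m = O4_RE.match(body)
            if m and _user_writable(m.group("cmd").lower()):
                findings.append(("suspicious", code,
                                 f"autorun '{m.group('name')}' runs from a user-writable path"))
        elif code == "O2":
            sev = "suspicious" if _user_writable(low) else "review"
            findings.append((sev, code, "BHO loads into the browser: " + body))
        elif code == "O10":
            findings.append(("review", code, "Winsock LSP sees all socket traffic: " + body))
        elif code == "O20":
            findings.append(("review", code, "AppInit_DLLs is injected into every GUI process: " + body))
        elif code == "O23":
            name, owner, path = _split_service(body)
            plow = path.lower()
            missing = "(file missing)" in plow
            if missing and plow.startswith(SYSTEM_DIRS):
                continue  # WoW64 redirection artefact, not a finding
            if missing or (owner == "Unknown owner" and _user_writable(plow)):
                findings.append(("suspicious", code, f"service '{name}' ({owner}) -> {path}"))
    return findings


def suspicious_items(text):
    """Convenience wrapper: only the 'suspicious' details for a whole log."""
    return [d for sev, _, d in triage(parse_hjt_log(text)) if sev == "suspicious"]


if __name__ == "__main__":
    for sev, code, detail in triage(parse_hjt_log(SAMPLE_LOG)):
        print(f"[{sev:10}] {code}: {detail}")
```

Run against the full log from the thread, the same pass lists the Java BHO, the wlidnsp.dll LSP and nvinit.dll for review and flags nothing as suspicious, which matches the "HijackThis is okay" verdict.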
 
System is running great now. I haven't seen any redirects since I ran the CFScript and reset the router. My Java is up to date at v6u31.

Here's the combofix.txt

ComboFix 12-03-29.02 - Groth 03/29/2012 21:31:29.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3979.1180 [GMT -5:00]
Running from: c:\users\Groth\Desktop\ComboFix.exe
Command switches used :: c:\users\Groth\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe"
"c:\windows\system32\RegistryDefragBootTime.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\59172177595d2796d147
c:\59172177595d2796d147\$shtdwn$.req
c:\59172177595d2796d147\mrt.exe
c:\59172177595d2796d147\mrtstub.exe
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-02-26.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-02-27.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-02-28.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-02-29.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-01.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-02.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-03.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-04.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-05.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-06.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-07.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-08.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-09.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-10.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-11.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-12.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-13.log
c:\program files (x86)\IObit\Advanced SystemCare 5\BootTimeLog\Defrag2012-03-04(07-50-20).log
c:\program files (x86)\IObit\Advanced SystemCare 5\checkinfo.txt
c:\program files (x86)\IObit\Advanced SystemCare 5\LatestNews\imagenews.png
c:\program files (x86)\IObit\Advanced SystemCare 5\LatestNews\LatestNews.ini
c:\program files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2600217.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\sh.dat
c:\program files (x86)\IObit\Advanced SystemCare 5\Update\Update.Ini
c:\program files (x86)\IObit\Advanced SystemCare 5\UpdateHistory.txt
c:\programdata\IObit
c:\programdata\IObit\Advanced SystemCare V5\AscService.ini
c:\users\Groth\AppData\Local\Temp\nvSCPAPI64.dll
c:\users\Groth\AppData\Local\Temp\nvStereoApiI64.dll
c:\users\Groth\AppData\Roaming\IObit
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-02-19(07-29-16).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-02-19(07-35-48).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-02-27(17-39-25).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-03-03(22-36-10).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-03-10(08-38-19).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-03-12(06-50-36).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-02-19(07-29-16).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-02-19(07-35-48).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-02-27(17-39-25).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-03-03(22-36-10).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-03-10(08-38-19).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-03-12(06-50-36).reg
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\EmptyFolder\Restore.ini
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\ignore.ini
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\JFilterkey.dbd
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-02-19(07-29-16).txt
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-02-19(07-35-48).txt
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-02-27(17-39-25).txt
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-03-03(22-36-10).txt
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-03-10(08-38-19).txt
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-03-12(06-50-36).txt
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Main.ini
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\TBWorkconfig.ini
c:\users\Groth\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox\Config.ini
c:\users\Groth\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-03-04.log
c:\users\Groth\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-03-12.log
c:\users\Groth\AppData\Roaming\IObit\IObit Uninstaller\SoftwareCache.ini
c:\windows\system32\RegistryDefragBootTime.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 03:18 . 2012-03-30 03:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-30 03:18 . 2012-03-30 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 03:18 . 2012-03-30 03:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-28 16:43 . 2012-03-28 16:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-28 16:42 . 2012-03-28 16:42 -------- d-----w- c:\program files (x86)\Java
2012-03-28 16:40 . 2012-03-28 16:40 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 16:40 . 2012-03-28 16:40 -------- d-----w- c:\program files\Java
2012-03-28 16:25 . 2012-03-28 16:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 16:25 . 2012-03-28 16:25 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-27 15:37 . 2012-03-13 18:14 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-27 15:23 . 2012-03-27 15:27 -------- d-----w- C:\HijackThis
2012-03-26 15:20 . 2011-11-18 00:38 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-03-26 15:20 . 2011-11-18 00:40 404016 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-26 15:20 . 2011-11-18 00:38 227624 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-26 15:20 . 2011-11-18 00:38 148776 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-03-26 15:20 . 2011-11-18 00:38 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-03-26 15:20 . 2011-11-18 00:38 277800 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-26 15:20 . 2011-11-18 00:38 181544 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-03-26 12:05 . 2012-03-26 12:05 -------- d-----w- c:\users\Groth\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 12:05 . 2012-03-26 12:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 12:05 . 2012-03-26 12:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-22 18:13 . 2012-03-22 18:13 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 18:13 . 2012-03-22 18:13 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-21 13:09 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-21 13:09 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-21 13:09 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 18:04 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 18:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 18:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 17:34 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 17:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 17:34 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 17:34 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 17:34 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 17:34 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 17:34 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:21 . 2012-03-13 22:21 -------- d-----w- c:\program files (x86)\ESET
2012-03-13 16:16 . 2012-03-13 16:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 16:16 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 19:44 . 2012-03-27 17:35 -------- d-----w- c:\users\Groth\AppData\Roaming\foobar2000
2012-03-10 19:44 . 2012-03-10 19:44 -------- d-----w- c:\program files (x86)\foobar2000
2012-03-04 15:53 . 2012-03-04 15:53 -------- d-----w- c:\users\Groth\AppData\Roaming\OpenOffice.org
2012-03-04 15:52 . 2012-03-12 11:34 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-02-29 15:05 . 2012-03-11 14:00 -------- d-----w- c:\program files (x86)\SpywareBlaster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 16:42 . 2012-01-07 20:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-23 08:06 . 2011-09-28 21:13 527424 ------w- c:\windows\PWMBTHLV.EXE
2012-01-23 08:06 . 2011-09-28 21:13 31344 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2012-01-23 08:06 . 2011-09-28 21:13 14960 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2012-01-23 08:06 . 2011-09-28 21:13 1036352 ----a-w- c:\windows\system32\PWMCP64V.cpl
2012-01-04 10:44 . 2012-02-19 09:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-19 09:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_17.38.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-08 19:18 . 2012-03-08 19:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-08 19:18 . 2012-03-19 03:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-12 13:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-30 01:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-12 13:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 01:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 01:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-12 13:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-22 12:46 60038 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-27 15:16 38992 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-02-26 23:56 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-28 16:31 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-03-26 15:20 . 2011-11-18 00:38 66856 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPEnhPS32.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 58664 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPEnhPS.dll
+ 2011-09-28 21:13 . 2012-03-30 03:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-28 21:13 . 2012-03-13 17:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-28 21:13 . 2012-03-30 03:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-28 21:13 . 2012-03-13 17:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-13 17:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 03:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-03-12 11:37 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-03-27 12:04 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-17 04:07 . 2012-03-13 17:37 3422 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-17 04:07 . 2012-03-26 14:01 3422 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-11 00:03 . 2012-03-27 15:16 7532 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1699539174-4049867383-3466198633-1002_UserData.bin
+ 2012-03-18 22:00 . 2012-03-18 22:00 9560 c:\windows\system32\NetworkList\Icons\{A4915D9B-EC35-4A9C-8CBD-3AF55B849F1A}_48.bin
+ 2012-03-18 22:00 . 2012-03-18 22:00 4280 c:\windows\system32\NetworkList\Icons\{A4915D9B-EC35-4A9C-8CBD-3AF55B849F1A}_32.bin
+ 2012-03-18 22:00 . 2012-03-18 22:00 2456 c:\windows\system32\NetworkList\Icons\{A4915D9B-EC35-4A9C-8CBD-3AF55B849F1A}_24.bin
+ 2012-03-18 14:56 . 2012-03-18 14:56 9560 c:\windows\system32\NetworkList\Icons\{9CFF14CC-5368-4220-835B-91B449C68735}_48.bin
+ 2012-03-18 14:56 . 2012-03-18 14:56 4280 c:\windows\system32\NetworkList\Icons\{9CFF14CC-5368-4220-835B-91B449C68735}_32.bin
+ 2012-03-18 14:56 . 2012-03-18 14:56 2456 c:\windows\system32\NetworkList\Icons\{9CFF14CC-5368-4220-835B-91B449C68735}_24.bin
+ 2012-03-14 12:30 . 2012-03-14 12:30 9560 c:\windows\system32\NetworkList\Icons\{8F43AC1B-316B-40CB-BC98-5CD47480F153}_48.bin
+ 2012-03-14 12:30 . 2012-03-14 12:30 4280 c:\windows\system32\NetworkList\Icons\{8F43AC1B-316B-40CB-BC98-5CD47480F153}_32.bin
+ 2012-03-14 12:30 . 2012-03-14 12:30 2456 c:\windows\system32\NetworkList\Icons\{8F43AC1B-316B-40CB-BC98-5CD47480F153}_24.bin
+ 2012-03-19 13:56 . 2012-03-19 13:56 9560 c:\windows\system32\NetworkList\Icons\{873004FA-8873-4F49-8C67-4CBB34B2EF39}_48.bin
+ 2012-03-19 13:56 . 2012-03-19 13:56 4280 c:\windows\system32\NetworkList\Icons\{873004FA-8873-4F49-8C67-4CBB34B2EF39}_32.bin
+ 2012-03-19 13:56 . 2012-03-19 13:56 2456 c:\windows\system32\NetworkList\Icons\{873004FA-8873-4F49-8C67-4CBB34B2EF39}_24.bin
+ 2012-03-19 03:36 . 2012-03-19 03:36 9560 c:\windows\system32\NetworkList\Icons\{79DB70FA-29E1-498B-8B86-7C7F9E6B7B93}_48.bin
+ 2012-03-19 03:36 . 2012-03-19 03:36 4280 c:\windows\system32\NetworkList\Icons\{79DB70FA-29E1-498B-8B86-7C7F9E6B7B93}_32.bin
+ 2012-03-19 03:36 . 2012-03-19 03:36 2456 c:\windows\system32\NetworkList\Icons\{79DB70FA-29E1-498B-8B86-7C7F9E6B7B93}_24.bin
+ 2012-03-19 17:22 . 2012-03-19 17:22 9560 c:\windows\system32\NetworkList\Icons\{419B0567-57EA-43FE-B5B1-751FC9AB5417}_48.bin
+ 2012-03-19 17:22 . 2012-03-19 17:22 4280 c:\windows\system32\NetworkList\Icons\{419B0567-57EA-43FE-B5B1-751FC9AB5417}_32.bin
+ 2012-03-19 17:22 . 2012-03-19 17:22 2456 c:\windows\system32\NetworkList\Icons\{419B0567-57EA-43FE-B5B1-751FC9AB5417}_24.bin
+ 2012-03-15 00:50 . 2012-03-15 00:50 9560 c:\windows\system32\NetworkList\Icons\{330F497E-5B35-4FCC-9414-BAD3DDA573D3}_48.bin
+ 2012-03-15 00:50 . 2012-03-15 00:50 4280 c:\windows\system32\NetworkList\Icons\{330F497E-5B35-4FCC-9414-BAD3DDA573D3}_32.bin
+ 2012-03-15 00:50 . 2012-03-15 00:50 2456 c:\windows\system32\NetworkList\Icons\{330F497E-5B35-4FCC-9414-BAD3DDA573D3}_24.bin
+ 2012-03-26 15:20 . 2010-11-06 23:18 7728 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\TP4table.dat
+ 2012-03-30 03:23 . 2012-03-30 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-13 17:38 . 2012-03-13 17:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-28 20:56 . 2011-11-18 00:38 111912 c:\windows\SysWOW64\SynTPCOM.dll
+ 2012-03-28 16:25 . 2012-03-28 16:25 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-03-28 16:25 . 2012-03-28 16:25 253600 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-03-28 16:42 . 2012-03-28 16:42 157472 c:\windows\SysWOW64\javaws.exe
- 2012-01-07 20:57 . 2012-01-07 20:57 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-28 16:42 . 2012-03-28 16:42 149280 c:\windows\SysWOW64\javaw.exe
- 2012-01-07 20:57 . 2012-01-07 20:57 149280 c:\windows\SysWOW64\javaw.exe
- 2012-01-07 20:57 . 2012-01-07 20:57 149280 c:\windows\SysWOW64\java.exe
+ 2012-03-28 16:42 . 2012-03-28 16:42 149280 c:\windows\SysWOW64\java.exe
+ 2011-11-11 13:27 . 2012-03-28 04:19 234316 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-11-11 00:00 . 2012-03-30 02:24 286888 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-09-28 20:56 . 2011-11-18 00:38 419624 c:\windows\system32\SynCOM.dll
- 2009-07-14 02:36 . 2012-03-13 17:26 624622 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 01:45 624622 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 01:45 106708 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-13 17:26 106708 c:\windows\system32\perfc009.dat
+ 2012-03-28 16:25 . 2012-03-28 16:25 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_Plugin.exe
+ 2012-03-28 16:40 . 2012-03-28 16:40 191264 c:\windows\system32\javaws.exe
+ 2012-03-28 16:40 . 2012-03-28 16:40 172320 c:\windows\system32\javaw.exe
+ 2012-03-28 16:40 . 2012-03-28 16:40 172320 c:\windows\system32\java.exe
- 2009-07-14 04:45 . 2012-03-11 14:00 347936 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-03-22 01:42 347936 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-02-26 23:56 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-28 16:31 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-21 18:01 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-28 16:30 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-26 15:20 . 2011-11-18 00:38 337192 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\Tutorial.exe
+ 2012-03-26 15:20 . 2011-11-18 00:38 251176 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynZMetr.exe
+ 2012-03-26 15:20 . 2011-11-18 00:39 154408 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPLpr.exe
+ 2012-03-26 15:20 . 2011-11-18 00:38 121640 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPHelper.exe
+ 2012-03-26 15:20 . 2011-11-18 00:38 111912 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPCOM32.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 121640 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPCOM.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 148776 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPCo9.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 227624 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPAPI.dll
+ 2012-03-26 15:20 . 2011-11-18 00:40 404016 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTP.sys
+ 2012-03-26 15:20 . 2011-11-18 00:38 242984 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynMood.exe
+ 2012-03-26 15:20 . 2011-11-18 00:38 230696 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynISDLL.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 222504 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynCtrl32.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 277800 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynCtrl.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 181544 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynCOM32.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 419624 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynCOM.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 173352 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\InstNT.exe
+ 2012-03-26 15:20 . 2011-11-18 00:40 404016 c:\windows\system32\DriverStore\FileRepository\synhid.inf_amd64_neutral_b5a7b612b8a6267d\SynTP.sys
+ 2009-07-14 05:01 . 2012-03-30 03:22 324360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-13 17:37 324360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-28 16:43 . 2012-03-28 16:43 207360 c:\windows\Installer\569053d.msi
+ 2012-03-28 16:39 . 2012-03-28 16:39 908800 c:\windows\Installer\5690531.msi
+ 2011-09-28 21:21 . 2012-03-29 19:52 152588 c:\windows\Installer\{8E537894-A559-4D60-B3CB-F4485E3D24E3}\ARPPRODUCTICON.exe
- 2011-09-28 21:21 . 2012-02-03 21:58 152588 c:\windows\Installer\{8E537894-A559-4D60-B3CB-F4485E3D24E3}\ARPPRODUCTICON.exe
+ 2012-03-26 15:18 . 2012-03-26 15:18 180655 c:\windows\Installer\{5E2652DF-743F-482B-A593-C95F431A5769}\ARPPRODUCTICON.exe
+ 2012-03-26 15:19 . 2012-03-26 15:19 882688 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUICtl\8bcde1822fe8a902ccceb0d00bb7e92b\PWMUICtl.ni.dll
+ 2012-03-26 15:19 . 2012-03-26 15:19 158208 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\6da00397165e9f1cfe12445b382567bd\PWMUIAux.ni.exe
+ 2012-03-26 15:19 . 2012-03-26 15:19 928768 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUI\bd313281d9721de3ed6fad1cdcc4cdba\PWMUI.ni.exe
+ 2012-03-28 16:25 . 2012-03-28 16:25 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2012-03-26 15:20 . 2009-08-07 14:49 1721576 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\WdfCoInstaller01009.dll
+ 2012-03-26 15:20 . 2011-11-18 00:39 9302824 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPRes.dll
+ 2012-03-26 15:20 . 2011-11-18 00:38 2851112 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPEnh.exe
+ 2012-03-26 15:20 . 2011-11-18 00:38 1907496 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\SynTPCpl.dll
+ 2012-03-26 15:20 . 2011-09-15 00:11 1048576 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_71bc61cb22dcb472\syndata.bin
+ 2012-03-26 15:20 . 2009-08-07 14:49 1721576 c:\windows\system32\DriverStore\FileRepository\synhid.inf_amd64_neutral_b5a7b612b8a6267d\WdfCoInstaller01009.dll
+ 2009-07-14 04:45 . 2012-03-22 01:44 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-11 14:02 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-09-28 21:19 . 2012-03-30 03:22 2767448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-28 21:19 . 2012-03-13 17:37 2767448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-11 03:24 . 2012-03-11 05:04 1282720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1699539174-4049867383-3466198633-1002-4096.dat
+ 2011-11-11 03:24 . 2012-03-30 03:22 1282720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1699539174-4049867383-3466198633-1002-4096.dat
+ 2012-03-26 15:18 . 2012-03-26 15:18 6953472 c:\windows\Installer\46b3e2.msi
+ 2012-03-26 15:18 . 2012-03-26 15:18 6953472 c:\windows\Downloaded Installations\{F9E5CC92-B881-41FE-BDA2-1517AF39CC5C}\RapidBoot.msi
+ 2009-07-14 02:34 . 2012-03-22 01:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-02-19 09:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-10 23:39 . 2012-03-21 13:04 56297240 c:\windows\system32\MRT.exe
+ 2012-03-28 16:25 . 2012-03-28 16:25 11588768 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll
+ 2011-11-17 04:07 . 2012-03-30 03:22 42190888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1699539174-4049867383-3466198633-1002-12288.dat
+ 2012-03-28 16:42 . 2012-03-28 16:42 12938752 c:\windows\Installer\5690536.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" [2012-01-04 3208032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-03-29 115624]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"DivXUpdate"="c:\program files (x86)\divx\divx update\divxupdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Groth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Groth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 253600]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 swg3kflt01;Sierra Wireless USB Composite Device Filter Driver 01;c:\windows\system32\DRIVERS\swg3kflt01.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-06 498688]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-07-22 41832]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-07-22 60264]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-06 986112]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 16:25]
.
2012-03-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-03-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Groth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-07-22 42344]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-15 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"combofix"="c:\combofix\CF31972.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Groth\AppData\Roaming\Mozilla\Firefox\Profiles\njgkb3ho.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://www.weather.com/weather/today/Madison+WI+53705
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
r:\140066.enu\Office14\MSOSYNC.EXE
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2012-03-29 22:43:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 03:43
ComboFix2.txt 2012-03-13 18:05
ComboFix3.txt 2012-03-13 17:40
.
Pre-Run: 43,937,673,216 bytes free
Post-Run: 43,781,357,568 bytes free
.
- - End Of File - - FE2E2885C74DCEEC3C267E3131E3CB3F
 
Okay, looks good. 2 entries to remove but I don't need the log. Looks like you ran Combofix a couple of years ago but didn't fully uninstall it. So I put the registry entry for it in the script. Please also follow the removal with the command in the instructions below for the current install of Combofix:

Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . No need to leave new log.
====================
Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [image: image2.png]

    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [image: w7-srp2.png]

    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
[image: image6.png]

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
================================
This is optional but I recommend stopping or removing these Scheduled Tasks:

1. c:\windows\Tasks\Adobe Flash Player Updater.job
2. c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
3. c:\windows\Tasks\SystemToolsDailyTest.job
-------------------------
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks by clicking Start> All Programs> Accessories> System Tools> Scheduled Tasks.

  • To change the settings for a task: right-click the Task> click Properties> do any of the following: Select 1,2,3 or 4 for each.
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as run time, idle time, power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
    4. To prevent the task from running until you run it again>
      [o] right-click the task> Properties> On the General tab>
      [o] clear the Enabled check box> Select the check box again when you are ready to run it again.
    ======================================

    Let me know if you have any questions.
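The helper's CFScript uses registry-file syntax (`"combofix"=-` deletes the value) to drop the stale autostart that ComboFix left under HKLM\...\Run back in 2010. The script below is an added example for this thread, not part of ComboFix or the helper's instructions: it lists the same Run locations the log above walks, marks entries whose target executable no longer exists (the `[x]`/`[BU]` cases in the log), calls out the leftover ComboFix stub by its `CF#####.3XE` name pattern, prints AppInit_DLLs (a common injection point for browser hijackers), and then removes the named value. The `-Remove` switch and the `$StaleValueName` default are this script's own conventions; it runs as a dry run (`-WhatIf`) unless `-Remove` is passed. Run it from an elevated PowerShell prompt.

```powershell
# Audit Run-key autostarts and remove one stale value.
# Added example for this thread, not ComboFix's or the helper's own code.
# Assumptions: the value name 'combofix' and the CF#####.3XE stub name come
# from the posted log; -Remove is this script's own switch.
param(
    [string]$StaleValueName = 'combofix',
    [switch]$Remove
)

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable out of a Run value: strips surrounding quotes and any
# arguments, so '"C:\x\y.exe" /s' and 'TpShocks.exe' both become a bare path.
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($command -match '^\s*(\S+)')    { return $Matches[1] }
    return $command
}

# Rooted paths are checked directly; bare names (e.g. TpShocks.exe) are
# resolved through PATH, which is what the loader does at logon.
function Test-AutostartTarget([string]$path) {
    if ([System.IO.Path]::IsPathRooted($path)) { return (Test-Path -LiteralPath $path) }
    return [bool](Get-Command $path -ErrorAction SilentlyContinue)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -LiteralPath $key
    "`n[$key]"
    foreach ($name in $item.GetValueNames()) {
        $cmd  = $item.GetValue($name)
        $exe  = Get-ExePath $cmd
        $flag = if (Test-AutostartTarget $exe) { 'present' } else { 'MISSING' }
        # ComboFix's old stub is a renamed copy under c:\combofix\CF<digits>.3XE.
        if ($exe -match '\\combofix\\CF\d+\.3XE$') { $flag += ' (ComboFix leftover)' }
        '{0,-28} {1,-18} {2}' -f $flag, $name, $cmd
    }
}

# AppInit_DLLs is loaded into every process that links user32; list it so an
# unexpected DLL here is not missed (the log shows NVIDIA's nvinitx.dll).
$winNt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
"`nAppInit_DLLs: " + (Get-ItemProperty -Path $winNt).AppInit_DLLs

# Delete the stale value wherever it exists. Dry run unless -Remove is given,
# so the audit output above can be reviewed first.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    if ($props.PSObject.Properties.Name -contains $StaleValueName) {
        Remove-ItemProperty -LiteralPath $key -Name $StaleValueName -WhatIf:(-not $Remove)
    }
}
```

Review the audit output before re-running with `-Remove`: a `MISSING` entry is a broken autostart, not proof of malware, and the 64-bit and Wow6432Node Run keys are listed separately because 32-bit installers write to the latter. The `Remove-ItemProperty` call is the PowerShell equivalent of the `"combofix"=-` line in the CFScript.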
 