Google Redirect

#1
Arnn
A few days ago when I first noticed problems with my laptop, I kept getting 'AntiVirus 2011' (I think) notifications and lots of other fake 'hard drive corrupt' messages. After running MalwareBytes and Avira these messages went away.

However, when I use Google now, and click on any of the top 3 or 4 results, the link is redirected briefly through a different website and then back to my Google search. MalwareBytes couldn't detect anything, and a Full Scan with Adaware shut down my laptop about 2 minutes into the scan. I now regularly get a notification from MalwareBytes saying '[OpenEvent] Failed to perform desired action. Error code: 2'.

Thanks in advance for any help

OTL logfile created on: 6/25/2011 3:09:19 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Phoenix\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 15.72% Memory free
3.49 Gb Paging File | 2.02 Gb Available in Paging File | 57.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 421.81 Gb Total Space | 331.74 Gb Free Space | 78.65% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.10 Gb Free Space | 96.91% Space Free | Partition Type: NTFS

Computer Name: PHOENIX-PC | User Name: Phoenix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 15:04:56 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Downloads\OTL.exe
PRC - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/20 10:31:32 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/16 05:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/26 20:03:05 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2010/03/10 08:44:56 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2010/03/03 05:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/03/03 05:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/12/22 13:40:58 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/17 07:33:56 | 004,114,368 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/12/17 07:31:22 | 006,223,808 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/09/09 15:44:55 | 000,308,688 | ---- | M] () -- C:\Program Files\InternetEverywhere\WTGService.exe
PRC - [2009/09/09 15:44:29 | 000,472,528 | ---- | M] (TODO: <Company name>) -- C:\Program Files\InternetEverywhere\Launcher.exe
PRC - [2009/09/04 13:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 13:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/04 13:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 15:04:56 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/15 11:03:54 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/02/02 11:52:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/03 05:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/11/17 16:00:54 | 000,575,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/09/09 15:44:55 | 000,308,688 | ---- | M] () [Auto | Running] -- C:\Program Files\InternetEverywhere\WTGService.exe -- (WTGService)
SRV - [2009/09/04 13:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/15 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/16 17:56:23 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2011/05/31 04:38:18 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 19:17:48 | 000,018,768 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/23 00:58:32 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 00:58:28 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/12 04:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/03 04:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/01/18 10:45:00 | 000,514,104 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/12/22 03:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/11/13 10:47:50 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/10/16 19:37:30 | 000,171,776 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009/09/14 19:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/08/23 23:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/07/28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 13:37:14 | 000,011,792 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/08/06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.20110212
FF - prefs.js..extensions.enabledItems: [email protected]:1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/02 20:08:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/02 20:08:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 22:55:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 19:57:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/10 19:41:44 | 000,000,000 | ---D | M]

[2011/02/01 14:49:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Extensions
[2011/06/24 05:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\mff6mt5x.default\extensions
[2011/06/24 05:08:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\mff6mt5x.default\extensions\[email protected]
[2011/06/24 05:08:16 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\mff6mt5x.default\extensions\[email protected]
[2011/05/08 21:26:42 | 000,004,140 | -H-- | M] () -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\mff6mt5x.default\searchplugins\youtube.xml
[2011/06/22 19:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 17:04:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/28 14:22:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 16:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 03:40:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\[email protected]
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/24 23:49:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 00:20:57 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/24 23:49:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/06/24 23:44:30 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Local\temp
[2011/06/24 23:44:28 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/06/24 23:21:54 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/06/24 23:06:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/24 16:57:33 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2011/06/24 14:14:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/06/24 14:09:46 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2011/06/24 14:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/24 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/24 14:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/24 12:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/24 12:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 16:37:18 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Roaming\Avira
[2011/06/23 16:07:17 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/23 14:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/23 14:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/06/22 18:01:51 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Local\{81F66660-6762-4C3C-9453-68DC00ABBD35}
[2011/06/18 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/06/16 17:56:53 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Roaming\InternetEverywhere
[2011/06/16 17:56:33 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys
[2011/06/16 17:56:33 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/06/16 17:56:33 | 000,103,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbfake.sys
[2011/06/16 17:56:33 | 000,100,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewsercd.sys
[2011/06/16 17:56:33 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/06/16 17:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Everywhere
[2011/06/16 17:56:25 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2011/06/16 17:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\InternetEverywhere
[2011/06/16 17:51:20 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\Birdstep Technology
[2011/06/16 17:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2011/06/16 17:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2011/06/16 17:50:25 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbser6k.sys
[2011/06/16 17:50:25 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmea.sys
[2011/06/16 17:50:25 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbmdm6k.sys
[2011/06/16 17:50:25 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\massfilter.sys
[2011/06/16 17:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2011/06/16 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2011/06/15 16:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2011/06/15 16:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/06/12 02:46:08 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Local\{F654055B-6111-440D-84D5-1DAE226F982B}
[2011/06/09 18:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/09 17:59:51 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Local\{CEC4C70E-7BC3-42D9-BD6D-96AD40E6DB77}
[2011/06/07 12:56:28 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/06/07 12:53:38 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/06/07 12:42:50 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/05/31 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\OpenOffice.org
[2011/05/31 04:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/05/31 04:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/05/31 04:45:08 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Local\Oblivion
[2011/05/31 04:45:08 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\Documents\My Games
[2011/05/31 04:44:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/05/31 04:38:18 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\windows\System32\drivers\dtsoftbus01.sys
[2011/05/31 04:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/05/31 04:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/05/31 04:37:31 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Roaming\DAEMON Tools Lite
[2011/05/31 04:37:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/05/30 20:54:13 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Local\{66781E4E-5CC6-4C0D-B12E-BEE2B642D9F1}
[2011/05/30 20:54:12 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Local\{3A289015-39B9-4BD5-B186-B876FAEE4013}
[2011/05/28 20:35:49 | 000,000,000 | -H-D | C] -- C:\Users\Phoenix\AppData\Roaming\go
[2011/05/28 20:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/28 14:27:47 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/05/28 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 15:11:03 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 15:08:59 | 000,001,099 | ---- | M] () -- C:\Users\Phoenix\Desktop\OTL - Shortcut.lnk
[2011/06/25 14:52:27 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 14:52:27 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 14:44:49 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 14:43:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/25 14:43:02 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 13:32:02 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1845958224-2319003689-1748113466-1004UA.job
[2011/06/25 00:24:32 | 232,697,931 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/24 23:49:16 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/06/24 21:32:06 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1845958224-2319003689-1748113466-1004Core.job
[2011/06/24 15:06:47 | 000,675,168 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/24 15:06:47 | 000,128,134 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/24 14:14:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/06/24 14:14:05 | 000,016,432 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2011/06/24 14:09:55 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/23 16:41:24 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~30334712
[2011/06/23 16:41:24 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~30334712r
[2011/06/23 16:41:08 | 000,000,344 | -H-- | M] () -- C:\ProgramData\30334712
[2011/06/22 19:59:40 | 000,001,998 | ---- | M] () -- C:\Users\Phoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 19:57:37 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/22 09:51:24 | 000,017,086 | -H-- | M] () -- C:\Users\Phoenix\Desktop\Ruthenium.odp
[2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2011/06/17 16:41:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/17 16:41:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/16 17:56:27 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2011/06/16 17:56:23 | 000,621,056 | ---- | M] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys
[2011/06/16 17:56:23 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/06/16 17:56:23 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbfake.sys
[2011/06/16 17:56:23 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewsercd.sys
[2011/06/16 17:56:23 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/06/16 17:50:44 | 000,001,983 | ---- | M] () -- C:\Users\Phoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/06/14 01:15:56 | 000,077,927 | -H-- | M] () -- C:\Users\Phoenix\Documents\smartbombstudios-justice.jpg
[2011/06/11 00:13:41 | 000,006,460 | -H-- | M] () -- C:\Users\Phoenix\.recently-used.xbel
[2011/06/09 18:26:38 | 021,022,914 | ---- | M] () -- C:\Users\Phoenix\Documents\vlc-1.1.10-win32.exe
[2011/06/09 18:01:59 | 000,002,266 | -H-- | M] () -- C:\Users\Phoenix\Documents\Redditglass.wlmp
[2011/06/07 17:16:09 | 000,477,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/05/31 22:44:37 | 000,029,897 | -H-- | M] () -- C:\Users\Phoenix\Documents\Borderless Network Security.odp
[2011/05/31 18:34:49 | 000,001,197 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/05/31 04:38:18 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\windows\System32\drivers\dtsoftbus01.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 15:08:59 | 000,001,099 | ---- | C] () -- C:\Users\Phoenix\Desktop\OTL - Shortcut.lnk
[2011/06/25 00:20:50 | 232,697,931 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/24 22:35:07 | 000,016,432 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2011/06/24 14:09:55 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/23 16:41:24 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~30334712r
[2011/06/23 16:41:23 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~30334712
[2011/06/23 16:41:08 | 000,000,344 | -H-- | C] () -- C:\ProgramData\30334712
[2011/06/22 19:57:37 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/22 09:44:07 | 000,017,086 | -H-- | C] () -- C:\Users\Phoenix\Desktop\Ruthenium.odp
[2011/06/17 16:41:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/17 16:41:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/16 17:56:27 | 000,001,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2011/06/16 17:50:44 | 000,001,983 | ---- | C] () -- C:\Users\Phoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/06/16 17:50:13 | 000,010,240 | ---- | C] () -- C:\windows\System32\drivers\mdvrmng.sys
[2011/06/14 01:15:49 | 000,077,927 | -H-- | C] () -- C:\Users\Phoenix\Documents\smartbombstudios-justice.jpg
[2011/06/11 00:13:41 | 000,006,460 | -H-- | C] () -- C:\Users\Phoenix\.recently-used.xbel
[2011/06/09 18:25:21 | 021,022,914 | ---- | C] () -- C:\Users\Phoenix\Documents\vlc-1.1.10-win32.exe
[2011/06/09 18:01:59 | 000,002,266 | -H-- | C] () -- C:\Users\Phoenix\Documents\Redditglass.wlmp
[2011/06/07 12:45:22 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/06/07 12:42:05 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/06/07 12:41:44 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2011/05/31 22:31:58 | 000,029,897 | -H-- | C] () -- C:\Users\Phoenix\Documents\Borderless Network Security.odp
[2011/05/31 18:34:49 | 000,001,197 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/05/28 20:35:50 | 000,001,686 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/03/02 01:14:38 | 000,028,496 | ---- | C] () -- C:\windows\System32\SmartDefragBootTime.exe
[2011/03/02 01:14:36 | 000,015,672 | ---- | C] () -- C:\windows\System32\drivers\SmartDefragDriver.sys
[2011/02/05 21:56:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/26 20:24:48 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2010/04/26 20:24:48 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2010/04/26 20:16:22 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2010/04/26 20:03:19 | 001,410,400 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010/04/26 20:03:19 | 000,660,832 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010/04/26 20:03:19 | 000,513,376 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010/04/26 20:03:18 | 002,110,816 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010/04/26 20:03:18 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010/04/26 20:02:58 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010/04/26 19:38:21 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
[2010/04/26 19:33:06 | 000,006,088 | ---- | C] () -- C:\windows\System32\drivers\CDConfig.bin
[2010/04/26 19:31:51 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/04/26 19:27:18 | 000,201,875 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/04/26 19:27:18 | 000,001,105 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\windows\System32\RemoveDevice.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,477,456 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,675,168 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,128,134 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/18 10:39:19 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/21 17:35:18 | 000,000,017 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\雈͢
[2011/06/21 17:35:18 | 000,000,017 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\雈͢
[2011/06/16 00:12:05 | 000,000,035 | ---- | M] ()(C:\windows\System32\?") -- C:\windows\System32\㡨̎
[2011/06/16 00:12:05 | 000,000,035 | ---- | C] ()(C:\windows\System32\?") -- C:\windows\System32\㡨̎
[2011/06/04 17:27:35 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\쑸Ν
[2011/06/04 17:27:35 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\쑸Ν
[2011/05/29 21:09:03 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\嵨ƿ
[2011/05/29 21:09:03 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\嵨ƿ
[2011/05/28 15:43:47 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\㏘ͤ
[2011/05/28 15:43:47 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\㏘ͤ
[2011/05/26 14:25:16 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\섘ʠ
[2011/05/26 14:25:15 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\섘ʠ
[2011/05/17 19:31:20 | 000,000,036 | ---- | M] ()(C:\windows\System32\?_) -- C:\windows\System32\̱
[2011/05/17 19:31:20 | 000,000,036 | ---- | C] ()(C:\windows\System32\?_) -- C:\windows\System32\̱
[2011/05/15 13:01:43 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\㙰́
[2011/05/15 13:01:43 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\㙰́
[2011/05/10 19:50:31 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ꅐ̫
[2011/05/10 19:50:31 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ꅐ̫
[2011/05/09 12:53:33 | 000,000,036 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\悘̢
[2011/05/09 12:53:33 | 000,000,036 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\悘̢

< End of report >
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see what I can find out for you.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    () (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
    () (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
    () (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    () (No name found) -- C:\USERS\PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFF6MT5X.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2011/06/23 16:41:24 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~30334712
    [2011/06/23 16:41:24 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~30334712r
    [2011/06/23 16:41:08 | 000,000,344 | -H-- | M] () -- C:\ProgramData\30334712

    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.
  • 0
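
The OTL listing Essexboy is working from has a fixed line format, and the entries his fix targets stand out on three simple checks: the hidden, numeric-named files under C:\ProgramData with no publisher, the recently modified hosts file (hence [resethosts]), and the non-ASCII filenames in System32. The following Python is an added example written for this thread, not OTL's own code and not part of either post: a parser for the file-listing lines and a small triage pass that applies those three checks. The sample lines are copied from the log above (abridged); the rule wording, the 30-day window and the names `parse_otl`, `triage` and `REPORT_TIME` are my own assumptions.

```python
"""Parse OTL file-listing lines and flag the entries a responder looks at first.

Added example for this thread; not OTL's own code. Sample lines are copied
from the log posted above; the triage rules and their wording are my own.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Lines copied from the OTL report in this thread (a header line is included to
# show that non-entry lines are skipped). The last line is from the "Files -
# Unicode" section, whose extra "(escaped path)" group the parser accepts and ignores.
SAMPLE_OTL = r"""
========== Files - Modified Within 30 Days ==========
[2011/06/25 15:08:59 | 000,001,099 | ---- | M] () -- C:\Users\Phoenix\Desktop\OTL - Shortcut.lnk
[2011/06/24 23:49:16 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/06/23 16:41:24 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~30334712
[2011/06/23 16:41:24 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~30334712r
[2011/06/23 16:41:08 | 000,000,344 | -H-- | M] () -- C:\ProgramData\30334712
[2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2011/06/21 17:35:18 | 000,000,017 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\雈͢
"""

# Time the report was generated (taken from the OTL header in this thread).
REPORT_TIME = datetime(2011, 6, 25, 15, 9, 19)

# One OTL entry: [timestamp | size | R/H/S/D flags | C(reated)/M(odified)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)(?:\([^)]*\))? -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class OtlEntry:
    when: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str       # "C" created or "M" modified
    company: str    # version-info company name, empty when OTL shows "()"
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")  # flag positions are R, H, S, D; "-" means not set
    return OtlEntry(
        when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        directory=attr[3] == "D",
        kind=m.group("kind"),
        company=m.group("company").strip(),
        path=m.group("path"),
    )


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every file-listing line in an OTL report; other lines are ignored."""
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e is not None]


# Hidden data files dropped directly under ProgramData in this thread:
# an optional "~", a run of digits, an optional trailing letter (assumed pattern).
ROGUE_DATAFILE = re.compile(r"^[A-Z]:\\ProgramData\\~?\d{6,}[a-z]?$", re.IGNORECASE)


def triage(entries: List[OtlEntry], report_time: datetime,
           window_days: int = 30) -> List[Tuple[OtlEntry, str]]:
    """Apply the three checks described above; return (entry, reason) pairs in log order."""
    hits: List[Tuple[OtlEntry, str]] = []
    cutoff = report_time - timedelta(days=window_days)
    for e in entries:
        low = e.path.lower()
        if low.endswith("\\drivers\\etc\\hosts") and e.when >= cutoff:
            hits.append((e, "hosts file changed recently: review it and reset if the change was not yours"))
        elif e.hidden and not e.directory and not e.company and ROGUE_DATAFILE.match(e.path):
            hits.append((e, "hidden numeric-named file with no publisher under ProgramData: the files the fix removes"))
        elif low.startswith("c:\\windows\\system32\\") and not e.path.isascii():
            hits.append((e, "non-ASCII filename in System32: easy to miss in a normal directory listing"))
    return hits


def main() -> None:
    for entry, reason in triage(parse_otl(SAMPLE_OTL), REPORT_TIME):
        print(f"{entry.when:%Y-%m-%d %H:%M:%S}  {entry.path}\n    -> {reason}")


if __name__ == "__main__":
    main()
```

Run as a script it prints the five flagged entries from the sample (hosts, the three ProgramData files and the Unicode-named file) and skips the Lavasoft driver and the OTL shortcut. The checks are deliberately narrow; they reproduce the reasoning behind this particular fix rather than a general rule set.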

#3
Arnn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I copied and pasted into the custom scan area, then when I pressed RUN FIX, OTL stopped responding and a command prompt box opened up and nothing else happened. It stayed that way for 15 minutes before I closed the prompt box. Should I try again?
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, not for now. Close OTL via Task Manager and then run aswMBR please. Could you also run a fresh OTL scan after the aswMBR run?
  • 0

#5
Arnn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I ran aswMBR; it was taking a fair while, and as I left it, it was going into 20 minutes or so. One difference I noticed between my scan and the image you provided above of a successful scan is that when I run my scan it also appears to run an Avast engine scan after the line '3 CLASSPNP'. Sorry if this is getting tedious.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not at all, Avast is obviously running a full AV scan for you - which is good.
  • 0

#7
Arnn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Just had a BSOD before the scan finished. Should I be doing these in safe mode? I hope I'm not missing something.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, it should work OK in normal mode.

However, the results so far indicate that there is something there worthy of a bigger hammer.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
Arnn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
When I came back to my laptop after running ComboFix there were no programs open on screen, not even the log file, although it appeared to be going well; when I left it, it was at stage 50. Had to manually grab this... I don't think it's of much help. This is literally the C:\ComboFix.txt

ComboFix 11-06-25.03 - Phoenix 25/06/2011 20:16:52.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.867 [GMT 1:00]
Running from: C:\Users\Phoenix\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has it completed?

If so, could you re-run it please, as it may not have completed properly; if necessary it may be run from safe mode.
  • 0

#11
Arnn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
There was nothing to indicate completion. I left my laptop at stage 50 to do something else for a while; when I came back I logged in and my desktop was completely devoid of open programs. I assume that means no completion?

If push comes to shove I have no qualms about doing a factory reset; most of my important documents are cloud based, so easy to recover.

Anyway, here goes another attempt at ComboFix. I'll post a log, should I get one. =]

Thanks for being so patient.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have all the time in the world to help - so do not fret, plus I enjoy helping :)
  • 0

#13
Arnn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The computer Gods must be smiling down. I have a successful log without a safe mode scan.


ComboFix 11-06-25.04 - Phoenix 25/06/2011 22:27:07.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.736 [GMT 1:00]
Running from: c:\users\Phoenix\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 21:36 . 2011-06-25 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 15:21 . 2011-06-25 15:21 -------- d-----w- C:\_OTL
2011-06-24 22:44 . 2011-06-25 21:37 -------- d-----w- c:\users\Phoenix\AppData\Local\temp
2011-06-24 21:35 . 2011-06-24 13:14 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-24 15:57 . 2011-06-24 15:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-24 13:14 . 2011-06-24 13:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 13:09 . 2011-06-20 09:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-24 13:09 . 2011-06-24 13:09 -------- d-----w- c:\program files\Lavasoft
2011-06-24 13:09 . 2011-06-24 13:09 -------- d-----w- c:\programdata\Lavasoft
2011-06-24 11:44 . 2011-06-25 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-24 11:44 . 2011-06-25 13:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-23 15:37 . 2011-06-23 15:37 -------- d--h--w- c:\users\Phoenix\AppData\Roaming\Avira
2011-06-23 13:33 . 2011-06-24 04:07 -------- d-----w- c:\program files\Steam
2011-06-23 13:31 . 2011-06-24 04:09 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-06-22 18:57 . 2011-06-16 04:32 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-22 18:57 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 18:57 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 17:01 . 2011-06-22 17:01 -------- d-----w- c:\users\Phoenix\AppData\Local\{81F66660-6762-4C3C-9453-68DC00ABBD35}
2011-06-18 00:53 . 2011-06-18 00:53 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-16 16:56 . 2011-06-16 17:50 -------- d--h--w- c:\users\Phoenix\AppData\Roaming\InternetEverywhere
2011-06-16 16:56 . 2011-06-16 16:56 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-06-16 16:56 . 2011-06-16 16:56 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-16 16:56 . 2011-06-16 16:56 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-16 16:56 . 2011-06-16 16:56 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-06-16 16:56 . 2011-06-16 16:56 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2011-06-16 16:56 . 2008-12-13 09:27 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-16 16:56 . 2011-06-16 16:56 -------- d-----w- c:\program files\InternetEverywhere
2011-06-16 16:51 . 2011-06-24 04:05 -------- d-----w- c:\users\Phoenix\AppData\Roaming\Birdstep Technology
2011-06-16 16:50 . 2011-06-24 04:07 -------- d-----w- c:\programdata\Birdstep Technology
2011-06-16 16:50 . 2010-01-19 11:49 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-06-16 16:50 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-06-16 16:50 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-06-16 16:50 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-06-16 16:50 . 2011-06-16 16:50 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2011-06-16 16:50 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2011-06-16 16:50 . 2011-06-16 16:50 -------- d-----w- c:\program files\3 Mobile Broadband
2011-06-15 10:16 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:16 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:16 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:16 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:16 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:16 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:15 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:15 . 2011-04-29 04:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 10:15 . 2011-04-22 19:10 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 10:14 . 2011-04-29 04:57 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 10:14 . 2011-04-22 19:09 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-06-15 10:14 . 2011-05-28 02:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 10:14 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:14 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:14 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 01:46 . 2011-06-12 01:46 -------- d-----w- c:\users\Phoenix\AppData\Local\{F654055B-6111-440D-84D5-1DAE226F982B}
2011-06-09 16:59 . 2011-06-09 16:59 -------- d-----w- c:\users\Phoenix\AppData\Local\{CEC4C70E-7BC3-42D9-BD6D-96AD40E6DB77}
2011-06-07 11:56 . 2011-06-07 11:56 -------- d-----w- c:\windows\system32\SPReview
2011-06-07 11:53 . 2011-06-07 11:53 -------- d-----w- c:\windows\system32\EventProviders
2011-06-07 11:46 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-06-07 11:46 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-06-07 11:46 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-06-07 11:46 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-06-07 11:46 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-07 11:46 . 2010-11-20 12:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-06-07 11:46 . 2010-11-20 12:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-06-07 11:44 . 2010-11-20 12:21 597504 ----a-w- c:\windows\system32\TSWorkspace.dll
2011-06-07 11:43 . 2010-11-20 12:21 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2011-06-07 11:42 . 2010-11-20 12:21 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2011-06-07 11:41 . 2010-11-20 10:49 386048 ----a-w- c:\windows\system32\html.iec
2011-06-07 11:40 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-07 11:40 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-07 11:40 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-07 11:40 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-06-07 11:40 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-07 11:40 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-06-07 11:40 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-07 11:38 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-06-07 11:38 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-31 17:33 . 2011-06-24 04:05 -------- d-----w- c:\users\Phoenix\AppData\Roaming\OpenOffice.org
2011-05-31 03:46 . 2011-05-31 03:46 -------- d-----w- c:\program files\Bethesda Softworks
2011-05-31 03:45 . 2011-05-31 12:17 -------- d-----w- c:\users\Phoenix\AppData\Local\Oblivion
2011-05-31 03:38 . 2011-05-31 03:38 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-31 03:38 . 2011-05-31 03:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-31 03:37 . 2011-05-31 03:45 -------- d--h--w- c:\users\Phoenix\AppData\Roaming\DAEMON Tools Lite
2011-05-31 03:37 . 2011-05-31 03:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-31 03:34 . 2011-05-31 03:34 -------- d--h--w- c:\users\Public\CyberLink
2011-05-30 19:54 . 2011-05-30 19:54 -------- d-----w- c:\users\Phoenix\AppData\Local\{66781E4E-5CC6-4C0D-B12E-BEE2B642D9F1}
2011-05-30 19:54 . 2011-05-30 19:54 -------- d-----w- c:\users\Phoenix\AppData\Local\{3A289015-39B9-4BD5-B186-B876FAEE4013}
2011-05-28 19:35 . 2011-05-28 19:35 -------- d--h--w- c:\users\Phoenix\AppData\Roaming\go
2011-05-28 19:35 . 2011-06-24 04:07 -------- d-----w- c:\programdata\Easybits GO
2011-05-28 13:23 . 2011-05-28 13:24 -------- d-----w- c:\program files\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 12:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-30 19:59 . 2011-05-17 10:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 08:11 . 2011-02-27 20:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 18:51 . 2011-05-16 18:51 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 18:45 . 2011-05-16 18:45 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-16 18:45 . 2011-05-16 18:45 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-22 19:14 . 2011-05-25 11:47 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:02 . 2011-05-11 21:47 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 21:47 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-02 18:03 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-01 16:07 . 2011-05-03 22:40 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-01 16:07 . 2011-05-03 22:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-16 04:32 . 2011-06-22 18:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-04-26 19:03 1410400 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-10 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2010-04-26 3122528]
"UCam_Menu"="c:\program files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\Lenovo\YouCam\YouCamTray.exe" [2009-12-22 167008]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Launcher.lnk - c:\program files\InternetEverywhere\Launcher.exe [2011-6-16 472528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-06-16 103040]
R3 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-22 30600]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-22 19280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-04-27 18768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 64512]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-31 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-20 2151128]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [2009-09-09 308688]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-06-20 15232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 16:26]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 16:26]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1845958224-2319003689-1748113466-1004Core.job
- c:\users\Phoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 02:14]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1845958224-2319003689-1748113466-1004UA.job
- c:\users\Phoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 02:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\mff6mt5x.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,7c,4d,5b,b6,6c,f8,4c,a4,a6,07,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,7c,4d,5b,b6,6c,f8,4c,a4,a6,07,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3560)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\IcnOvrly.dll
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-06-25 22:40:05
ComboFix-quarantined-files.txt 2011-06-25 21:40
.
Pre-Run: 355,888,525,312 bytes free
Post-Run: 355,824,316,416 bytes free
.
- - End Of File - - E9B3F62680F902FB8F759BB625B1AF7C
#14
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hmm - not a lot showing there, can you confirm that the redirects are still occurring?

Also do the redirects happen in IE, Firefox or both?

Finally do they direct you to a specific search engine or site?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL


    :Files
    ipconfig /flushdns /c
    c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP


    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#15
Arnn
    Member
  • Topic Starter
  • Member
  • 18 posts
Indeed, I'm still being redirected. I'm not actually being taken to a different site: when I click a link, the address bar rapidly changes to an unrelated site (some examples: when clicking on the 'Reddit' homepage search in Firefox I am taken to 'http://globalbx.us/' or, Reddit again in Internet Explorer using Bing, 'http://linkinghub.elsevier.com/') but only for a split second, and no images load on the page during this instant. I am then taken back to my original search page, Google, with reddit typed in and the usual results.

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Phoenix\Downloads\cmd.bat deleted successfully.
C:\Users\Phoenix\Downloads\cmd.txt deleted successfully.
c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Phoenix
->Temp folder emptied: 3157115 bytes
->Temporary Internet Files folder emptied: 105773365 bytes
->Java cache emptied: 5282977 bytes
->FireFox cache emptied: 82061869 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 3938 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312320 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Phoenix
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.24.1 log created on 06262011_144828

Files\Folders moved on Reboot...
C:\Users\Phoenix\AppData\Local\Temp\~DFF4D35882EB277AA9.TMP moved successfully.
C:\Users\Phoenix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNY8C0SE\sandbox[2].php moved successfully.
C:\Users\Phoenix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J26YYY5\333945[1].txt moved successfully.
C:\Users\Phoenix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J26YYY5\redirect_v92_cim_11_10_4[2].html moved successfully.
File move failed. C:\Users\Phoenix\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...