New virus and can't remove 2

DigitelD · Sep 4, 2010

I saw a youtube video that I wanted my wife to see. So, I downloaded savetubevideo. Now my browser redirects to landing.savetubevideo.com. Malwarebytes, Spybot, nor AVG detects it. Has anyone seen this before?

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

papadba · Sep 4, 2010

You might check and see if your "home page" has been modified to this. . .

goombawaho · Sep 5, 2010

Check your HOSTS file and clean it up if anything is in there that you didn't intentionally modify.

http://www.mvps.org/winhelp2002/hosts.htm

Try ComboFix per the following instructions. Run that. If no love after running it and rebooting - post HijackThis log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

BadBigBen · Sep 5, 2010

actually, this is easy to fix, it is a spyware/redirector application:

1. Uninstall the App... SaveTubeVideo... DO NOT REBOOT at this STAGE...

2. Uninstall WinPCap (actually a legit app, but this is used to spy on you), which gets installed along side of SaveTube... NOW REBOOT...

3. for ease of fixing the left overs, Download HiJackThis, run a scan with log, post the log here, I, or someone else will discern the log and tell you what to fix...

HiJackThis from TrendMicro

http://free.antivirus.com/hijackthis/

4. Download CCleaner, run it and have it clean your PC of unwanted trash, (logfiles and unwanted Temp files)...

CCleaner

http://www.piriform.com/

waiting for your next post...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

goombawaho · Sep 6, 2010

The reason I mentioned combofix is that this person probably has a lot of other baddies on there as well. Might as well whack 'em all at once.

BadBigBen · Sep 6, 2010

Goom,

I am not nay-saying you, I took a close look at this piece of crap, on an install on VMWare...

and then went to town on it...

Combofix probably is not a bad idea, that is also the reason why I asked him to post a HiJackThis Log...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

goombawaho · Sep 7, 2010

There is a slight risk with ComboFix, so your method would entail less risk as a first step.

DigitelD · Sep 7, 2010

Here is my hijackthis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:26 AM, on 9/7/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\ID Vault\IDVault.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nortel Networks\ICSRT\Scheduler\scheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dwayne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://lenovo.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ipoffice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GuardId.MSIEBrowser.BHO - {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} - mscoree.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ID Vault.lnk = C:\Program Files\ID Vault\IDVault.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norstar ICS Scheduler.lnk = C:\Program Files\Nortel Networks\ICSRT\Scheduler\scheduler.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IDVault Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\ID Vault\IDVaultSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Voicemail Pro Service (VoicemailProServer) - Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe

--
End of file - 10914 bytes

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

BadBigBen · Sep 7, 2010

Dwayne,

the good news:

I can't see anything detrimental in that LOG, a few unnecessary entries but no Malware (that is detected by HJT)...

but that is also the bad news, if it is still redirecting, then by all means attempt ComboFix, as outlined by Goom...

also worth a look at, for scanning against malwares:

MBAM - Malwarebytes AntiMalware

http://www.malwarebytes.org/mbam.php

SuperAntiSpyware

http://www.superantispyware.com/

keep us posted as to the situation...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

DigitelD · Sep 7, 2010

Here is the Combofix log:

ComboFix 10-09-06.04 - Dwayne 09/07/2010 12:31:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1628 [GMT -4:00]
Running from: c:\users\Dwayne\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\system32\IMSMfcSupport.0406.dll
c:\windows\system32\IMSMfcSupport.0407.dll
c:\windows\system32\IMSMfcSupport.0409.dll
c:\windows\system32\IMSMfcSupport.040a.dll
c:\windows\system32\IMSMfcSupport.040b.dll
c:\windows\system32\IMSMfcSupport.040c.dll
c:\windows\system32\IMSMfcSupport.0410.dll
c:\windows\system32\IMSMfcSupport.0411.dll
c:\windows\system32\IMSMfcSupport.0413.dll
c:\windows\system32\IMSMfcSupport.0414.dll
c:\windows\system32\IMSMfcSupport.0416.dll
c:\windows\system32\IMSMfcSupport.0419.dll
c:\windows\system32\IMSMfcSupport.041d.dll
c:\windows\system32\IMSMfcSupport.0804.dll
c:\windows\system32\IMSMfcSupport.0809.dll
c:\windows\system32\IMSMfcSupport.080a.dll
c:\windows\system32\IMSMfcSupport.0816.dll
c:\windows\system32\IMSMfcSupport.0c04.dll
c:\windows\system32\IMSMfcSupport.0c0c.dll
c:\windows\system32\IMSMfcSupport.240a.dll
c:\windows\system32\IMSMfcSupport.2c0a.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\UMSINST.0406.dll
c:\windows\system32\UMSINST.0407.dll
c:\windows\system32\UMSINST.0409.dll
c:\windows\system32\UMSINST.040a.dll
c:\windows\system32\UMSINST.040b.dll
c:\windows\system32\UMSINST.040c.dll
c:\windows\system32\UMSINST.0410.dll
c:\windows\system32\UMSINST.0411.dll
c:\windows\system32\UMSINST.0413.dll
c:\windows\system32\UMSINST.0414.dll
c:\windows\system32\UMSINST.0416.dll
c:\windows\system32\UMSINST.0419.dll
c:\windows\system32\UMSINST.041d.dll
c:\windows\system32\UMSINST.0804.dll
c:\windows\system32\UMSINST.0809.dll
c:\windows\system32\UMSINST.080a.dll
c:\windows\system32\UMSINST.0816.dll
c:\windows\system32\UMSINST.0c04.dll
c:\windows\system32\UMSINST.0c0c.dll
c:\windows\system32\UMSINST.240a.dll
c:\windows\system32\UMSINST.2c0a.dll
Q:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://dibs.ddni.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-07 15:18 . 2010-09-07 16:25 63488 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 15:18 . 2010-09-07 15:18 52224 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 15:18 . 2010-09-07 16:25 117760 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 17:18 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-25 17:18 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-08-25 13:48 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\QuickTime
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\programdata\Apple Computer
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\Common Files\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\users\Dwayne\AppData\Local\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\programdata\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\Apple Software Update
2010-08-13 18:07 . 2010-07-23 14:17 25360 ------w- c:\windows\system32\drivers\gidv2.sys
2010-08-13 18:07 . 2010-08-13 18:07 -------- d-----w- c:\programdata\GID
2010-08-13 18:07 . 2010-08-13 18:07 -------- d-----w- c:\program files\SFT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 16:26 . 2010-06-15 20:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 13:50 . 2010-06-15 20:51 -------- d-----w- c:\program files\SpywareBlaster
2010-09-05 13:48 . 2010-06-15 21:13 1 ----a-w- c:\users\Dwayne\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-26 19:37 . 2010-06-16 12:41 -------- d-----w- c:\program files\e-Sword
2010-08-25 17:19 . 2010-08-25 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-24 19:19 . 2010-06-15 20:04 81120 ----a-w- c:\users\Dwayne\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 12:41 . 2010-06-16 17:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-13 19:21 . 2010-06-15 20:08 -------- d-----w- c:\users\Dwayne\AppData\Roaming\ID Vault
2010-08-13 18:06 . 2010-06-15 20:08 -------- d-----w- c:\program files\ID Vault
2010-08-05 02:19 . 2010-06-15 20:14 1445120 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\IdVaultCore.dll
2010-08-05 02:19 . 2010-06-15 21:22 533248 ----a-w- c:\programdata\White Sky, Inc\ID Vault\XPCOM\Components\IdVault.XPCOM.dll
2010-08-05 02:19 . 2010-06-15 20:14 42240 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\IDVault.BHO.dll
2010-08-05 02:19 . 2010-06-15 20:14 84224 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\CommonDotNET.dll
2010-08-02 13:05 . 2010-06-15 21:30 -------- d-----w- c:\program files\CCleaner
2010-07-29 06:30 . 2010-08-13 12:08 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-13 12:08 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-23 14:18 . 2010-07-23 14:18 65816 ----a-w- c:\windows\system32\SysEventMenu.dll
2010-07-23 14:18 . 2010-07-23 14:18 388368 ----a-w- c:\windows\system32\GIDHook.dll
2010-07-23 14:17 . 2010-07-23 14:17 100624 ----a-w- c:\windows\system32\GIDBIN3.dll
2010-07-23 14:17 . 2010-07-23 14:17 171280 ----a-w- c:\windows\system32\GIDBIN1.dll
2010-07-19 19:11 . 2010-07-19 19:11 -------- d-----w- c:\program files\Firm Applications
2010-07-19 19:09 . 2010-07-19 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-15 13:26 . 2010-06-15 20:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:26 . 2010-07-15 13:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:25 . 2010-06-15 20:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 06:25 . 2010-08-13 12:08 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 17:05 . 2010-06-24 17:05 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-24 17:05 . 2010-06-24 17:05 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-24 17:05 . 2010-06-24 17:05 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-24 17:05 . 2010-06-24 17:05 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-24 17:05 . 2010-06-24 17:05 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-24 17:05 . 2009-09-04 21:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-24 17:05 . 2009-09-04 21:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-22 02:47 . 2010-08-13 12:08 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-13 12:08 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-13 12:08 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-13 12:08 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-13 12:08 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-13 12:08 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-13 12:08 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 18:24 . 2010-06-18 18:24 53632 ------w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\

http://www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-06-18 18:23 . 2010-06-18 18:23 71680 ------w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-16 16:48 . 2010-06-16 16:48 0 ------w- c:\windows\nsreg.dat
2010-06-16 13:04 . 2010-06-15 20:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-16 05:48 . 2010-08-13 12:08 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 21:09 . 2010-06-15 21:09 411368 ------w- c:\windows\system32\deployJava1.dll
2010-06-15 20:25 . 2010-06-15 20:25 1444 ------w- c:\windows\MFGCLEAN.CMD
2010-06-15 20:13 . 2010-06-15 20:13 3678504 ------w- c:\users\Dwayne\AppData\Roaming\ID Vault\IDVaultUpdate.exe
2010-06-15 19:42 . 2010-06-15 19:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-06-15 19:42 . 2010-06-15 19:42 33088 ------w- c:\windows\system32\drivers\psadd.sys
2010-06-15 19:42 . 2010-06-15 19:42 129784 ------w- c:\windows\system32\pxafs.dll
2010-06-15 19:42 . 2010-06-15 19:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-15 19:37 . 2010-06-15 19:37 55072 ------w- c:\windows\system32\jureg.exe
2010-06-14 06:12 . 2010-08-13 12:08 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-24 202256]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2010-07-23 389896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\users\Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ID Vault.lnk - c:\program files\ID Vault\IDVault.exe [2010-8-4 2880256]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Norstar ICS Scheduler.lnk - c:\program files\Nortel Networks\ICSRT\Scheduler\scheduler.exe [2010-6-16 290816]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-24 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-08-03 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at.sys [2009-10-15 80896]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 GIDv2;GIDv2; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-01-21 172720]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-01-21 160432]
S2 IDVaultSvc;IDVault Service;c:\program files\ID Vault\IDVaultSvc.exe [2010-08-05 41728]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
S2 VoicemailProServer;Voicemail Pro Service;c:\program files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe [2010-02-11 6123520]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2010-07-23 14:19 431368 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://

http://www.google.com

uInternet Settings,ProxyOverride = ipoffice
FF - ProfilePath - c:\users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\4oqagv6f.default\
FF - prefs.js: browser.search.selectedEngine -

http://www.google-feed.net

FF - prefs.js: browser.startup.homepage - hxxp://

http://www.foxnews.com/

FF - prefs.js: keyword.URL - hxxp://

http://www.veerboo.com/results.php?q=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\White Sky, Inc\ID Vault\XPCOM\components\IdVault.XPCOM.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3400)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-09-07 12:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 16:47

Pre-Run: 215,193,391,104 bytes free
Post-Run: 214,526,197,760 bytes free

- - End Of File - - 5AADCBBB9DA12CB4E01F9882A7ACE02A

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

goombawaho · Sep 8, 2010

BadBigBen - He had said originally "Malwarebytes, Spybot, nor AVG detects it." That's why I was already going towards ComboFix.

DigitelD But the question you didn't answer is "Is everything okay now?"

DigitelD · Sep 8, 2010

No, it is still happening. All this does is redirect you to a google search page. It is annoying. Nothing is detecting this.

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

kjv1611 · Sep 8, 2010

DigitelD,

Did you try goombawaho's suggestion on checking your hosts file?

Also, have you checked your LAN/connection settings? Here's what I'm talking about....

Open Internet Explorer, go to Tools -> Internet Options..
On the Connections tab, click the LAN Settings button.. Do you have anything in the Proxy server box? If so, and you didn't put it there, take it out, and uncheck that box..

Also, try running a couple general clean-up tools after the other tools:

Advanced System care
Glary Utilities
CCleaner(mentioned by BadBigBen) - also use the registry cleaner option..

And I THINK that from your last post, you mean that nothing listed in this forum thread is working so far... but please specify what exactly it is you've tried. I see you posted logs from HJT and Combofix, but what have you actually DONE on your computer to try and fix the problem?

goombawaho · Sep 8, 2010

Yes - check HOSTS file and Proxy Settings.

DigitelD · Sep 8, 2010

I did check the Hosts file this morning after I read your replies. I can't find the proxy settings. I am running Windows 7. I haven't had the redirection happen so far after I replaced the Hosts file.

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

DigitelD · Sep 8, 2010

It just happened again.

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

DigitelD · Sep 8, 2010

I checked the proxy settings and no proxy was entered in. This is unreal.

SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP

goombawaho · Sep 8, 2010

http://support.mozilla.com/en-US/questions/737327

BadBigBen · Sep 8, 2010

Goom, I missed that with MBAM...

and good find there on the Support Site, I guess when I installed it on the VM, it had not gotten nested in FF yet, although it was redirecting in IE and FF, and the cleanup on the VM went smooth...

have a star, for the find...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

goombawaho · Sep 9, 2010

I was ready to give up if that didn't work. Thanks for the star.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

New virus and can't remove 2

Vendor

MIS

MIS

MIS

MIS

MIS

MIS

Vendor

MIS

Vendor

MIS

Vendor

New member

MIS

Vendor

Vendor

Vendor

MIS

MIS

MIS

Similar threads

Log in

Part and Inventory Search

Sponsor