TechSpot

Redirected from homepage to fake Virus Scan

By mandyyy
Mar 15, 2011
  1. Hello. For the past few weeks I've been getting redirected from my homepage to a copy of what looks like a Windows7 virus scanner. I went through & blocked the .exe file from running so now I am able to get on the web but I want to make sure that it's gone. Any help would be much appreciated. Thanks in advance.

    I already went through the 8 Step Preliminary Removal instructions and here are the logs requested:

    MBAM

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6071

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/15/2011 9:39:13 PM
    mbam-log-2011-03-15 (21-39-13).txt

    Scan type: Quick scan
    Objects scanned: 161419
    Time elapsed: 2 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-15 21:59:08
    Windows 6.1.7600
    Running: 2uk36p04.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    DDS Log

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by VICKIE at 22:04:51.70 on Tue 03/15/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2542 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\VICKIE\Downloads\2uk36p04.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\VICKIE\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

    \ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine

    \16.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet

    Security\Engine\16.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack

    \Search Helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security

    Solution\tvtpwm_ie_com.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin

    \jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar

    \wltcore.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine

    \16.8.0.41\coIEPlg.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [<NO NAME>]
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live

    \Writer\WriterBrowserExtension.dll
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client

    Security Solution\tvtpwm_ie_com.dll
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} -

    hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine

    \16.8.0.41\CoIEPlg.dll
    LSA: Notification Packages = scecli ACGina
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    mRun-x64: [TpShocks] TpShocks.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    mRun-x64: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-12-26 402992]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-10-9 23592]
    R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-12-26 334384]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-12-26 583296]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs

    \20090712.001\IDSvia64.sys [2010-7-14 397360]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2009-12-9 15400]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-15

    135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-15 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-15 83120]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984]
    R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine

    \16.8.0.41\ccSvcHst.exe [2010-12-26 117640]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R)

    Management Engine Components\UNS\UNS.exe [2010-5-12 2320920]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE

    \EraserUtilRebootDrv.sys [2010-7-14 131632]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-12 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-12 158848]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-12 271872]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers

    \NETw5s64.sys [2009-9-15 6952960]
    R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-12-26 17920]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-12 258560]
    R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2010-5-12 206080]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework

    \v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET

    \Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers

    \netw5v64.sys [2009-6-10 5434368]
    S3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:

    \Program Files\PC-Doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-12

    75112]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-12 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
    .
    =============== Created Last 30 ================
    .
    2011-03-16 02:33:37 -------- d-----w- C:\Users\VICKIE\AppData\Roaming\Malwarebytes
    2011-03-16 02:32:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 02:32:46 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-16 02:32:43 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-16 02:32:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 02:17:35 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-03-16 02:17:35 -------- d-----w- C:\Program Files (x86)\Avira
    2011-03-16 02:17:35 -------- d-----w- C:\PROGRA~3\Avira
    2011-03-16 02:10:22 -------- d-----w- C:\Users\VICKIE\AppData\Roaming\Uniblue
    2011-03-16 02:10:14 -------- dc-h--w- C:\PROGRA~3\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
    2011-03-16 02:10:13 -------- d-----w- C:\Program Files (x86)\Uniblue
    2011-03-16 02:09:50 -------- d-----w- C:\Users\VICKIE\AppData\Local\PackageAware
    2011-03-04 15:17:30 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-03-04 14:12:17 388096 ----a-r- C:\Users\VICKIE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-

    A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-04 14:12:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-03-01 17:56:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4859B6A0-AD14-

    4B33-98A6-92F78B438AD2}\mpengine.dll
    2011-02-24 09:00:34 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-02-24 09:00:34 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-02-23 16:33:40 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-02-23 16:33:40 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-23 16:33:40 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-02-23 16:33:40 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-21 03:32:37 361133343 ---ha-w- C:\Users\VICKIE\WordPerfectOfficeInstaller.exe.part
    2011-02-14 06:58:17 -------- d-----w- C:\Users\VICKIE\AppData\Local\Deployment
    2011-02-14 06:58:17 -------- d-----w- C:\Users\VICKIE\AppData\Local\Apps
    .
    ==================== Find3M ====================
    .
    2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-27 02:47:43 583296 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 22:05:18.97 ===============

    DDS Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/14/2010 11:22:08 PM
    System Uptime: 3/15/2011 9:24:45 PM (1 hours ago)
    .
    Motherboard: LENOVO | | 0578A25
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 1994/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 250.788 GiB free.
    D: is CDROM ()
    Q: is FIXED (NTFS) - 10 GiB total, 2.695 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP55: 2/19/2011 3:00:16 AM - Windows Update
    RP56: 2/20/2011 3:00:14 AM - Windows Update
    RP57: 2/21/2011 3:00:10 AM - Windows Update
    RP58: 2/22/2011 3:00:10 AM - Windows Update
    RP59: 2/22/2011 10:49:40 AM - Windows Update
    RP60: 2/23/2011 3:00:17 AM - Windows Update
    RP61: 2/24/2011 3:00:17 AM - Windows Update
    RP62: 2/25/2011 3:00:10 AM - Windows Update
    RP63: 2/25/2011 10:57:28 AM - Windows Update
    RP64: 2/26/2011 3:00:10 AM - Windows Update
    RP65: 2/27/2011 3:00:10 AM - Windows Update
    RP66: 2/28/2011 3:00:10 AM - Windows Update
    RP67: 3/1/2011 3:50:18 AM - Windows Update
    RP68: 3/1/2011 3:53:46 AM - Device Driver Package Install: Microsoft Network adapters
    RP69: 3/1/2011 11:56:21 AM - Windows Update
    RP70: 3/1/2011 1:09:47 PM - Windows Update
    RP71: 3/1/2011 2:59:15 PM - Restore Operation
    RP73: 3/1/2011 11:19:09 PM - Windows Defender Checkpoint
    RP74: 3/2/2011 3:00:10 AM - Windows Update
    RP75: 3/3/2011 3:00:10 AM - Windows Update
    RP76: 3/4/2011 3:00:17 AM - Windows Update
    RP77: 3/4/2011 7:46:04 AM - Removed Google Talk Plugin
    RP78: 3/4/2011 8:03:28 AM - Removed Java(TM) 6 Update 17 (64-bit)
    RP79: 3/4/2011 8:04:02 AM - Removed Java(TM) 6 Update 17
    RP80: 3/4/2011 8:12:01 AM - Installed HiJackThis
    RP81: 3/4/2011 11:36:07 AM - Removed MSXML 4.0 SP2 (KB954430)
    RP82: 3/4/2011 11:36:34 AM - Removed MSXML 4.0 SP2 (KB973688)
    RP83: 3/4/2011 11:52:54 AM - Windows Update
    RP84: 3/5/2011 2:48:05 AM - Windows Update
    RP85: 3/15/2011 9:17:22 PM - Avira AntiVir Personal - 3/15/2011 21:16
    .
    ==== Installed Programs ======================
    .
    Access Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    AT&T Service Activation
    Avira AntiVir Personal - Free Antivirus
    Boingo Wi-Fi
    Burn.Now 4.5
    Business Contact Manager for Outlook 2007 SP2
    Corel Burn.Now Lenovo Edition
    Corel DVD MovieFactory 7
    Corel DVD MovieFactory Lenovo Edition
    Create Recovery Media
    Direct DiscRecorder
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Talk (remove only)
    HiJackThis
    HTC Driver Installer
    Integrated Camera
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    InterVideo WinDVD 8
    Junk Mail filter update
    Lenovo Warranty Information
    Lenovo Welcome
    Malwarebytes' Anti-Malware
    Message Center Plus
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Research AutoCollage Touch 2009
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mobile Broadband Connect
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    PdaNet for Android 2.45
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Rescue and Recovery
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    System Update
    ThinkPad Power Manager
    ThinkVantage Access Connections
    Uniblue RegistryBooster
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Verizon Wireless Mobile Broadband Self Activation
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/15/2011 9:23:02 PM, Error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It

    has done this 1 time(s).
    3/15/2011 9:17:58 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the

    following error: Access is denied.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Please disable "word wrap" in Notepad, because your logs are hard to read.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. mandyyy

    mandyyy TS Rookie Topic Starter

    Ok I completed the other scans & here are the logs:

    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: LENOVO
    BIOS Manufacturer: LENOVO
    System Manufacturer: LENOVO
    System Product Name: 0578A25
    Logical Drives Mask: 0x0001000c

    Kernel Drivers (total 200):
    0x02E1F000 \SystemRoot\system32\ntoskrnl.exe
    0x033FC000 \SystemRoot\system32\hal.dll
    0x00BC2000 \SystemRoot\system32\kdcom.dll
    0x00CEB000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D2F000 \SystemRoot\system32\PSHED.dll
    0x00D43000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00EBD000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F61000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F70000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FC7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FD0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00DA1000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x0104E000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01256000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x0125F000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01289000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x01294000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x012A4000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x012AF000 \SystemRoot\system32\drivers\fltmgr.sys
    0x012FB000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0130F000 \SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
    0x01412000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01376000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015B5000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01632000 \SystemRoot\System32\Drivers\cng.sys
    0x016A5000 \SystemRoot\System32\drivers\pcw.sys
    0x016B6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016C0000 \SystemRoot\system32\drivers\ndis.sys
    0x018CC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0192C000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01A02000 \SystemRoot\System32\drivers\tcpip.sys
    0x01957000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x019A1000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x019ED000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
    0x019F7000 \SystemRoot\System32\Drivers\spldr.sys
    0x01800000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0183A000 \SystemRoot\System32\DRIVERS\Apsx64.sys
    0x0185F000 \SystemRoot\System32\Drivers\mup.sys
    0x01871000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0187A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x018B4000 \SystemRoot\system32\DRIVERS\disk.sys
    0x017B2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x0427E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x042A8000 \SystemRoot\System32\Drivers\Null.SYS
    0x042B1000 \SystemRoot\System32\Drivers\Beep.SYS
    0x042B8000 \SystemRoot\System32\drivers\vga.sys
    0x042C6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x042EB000 \SystemRoot\System32\drivers\watchdog.sys
    0x042FB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04304000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0430D000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x04316000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04321000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04332000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04350000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0435D000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
    0x043A9000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    0x02E28000 \SystemRoot\system32\drivers\afd.sys
    0x02EB2000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02EF7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02F00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02F26000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02F3C000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x02F47000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02F56000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02F71000 \SystemRoot\System32\drivers\Tppwr64v.sys
    0x02F77000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02F8B000 \SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
    0x02F9F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02FF0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02E0B000 \SystemRoot\system32\DRIVERS\smiifx64.sys
    0x0449D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys
    0x04503000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x04579000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x0459D000 \SystemRoot\System32\drivers\discache.sys
    0x045AC000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04400000 \SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
    0x045CA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x04000000 \SystemRoot\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys
    0x045DB000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x01600000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04A5E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x04675000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04769000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x047AF000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x047C0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x047D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x05874000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
    0x05F21000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05F2E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x05F71000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x05F8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x05F9E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x05FF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05800000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0580F000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0x0581B000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x05842000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x05858000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0585D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04656000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x051D9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05FF2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04A2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x043DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x015CF000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0466C000 \SystemRoot\system32\DRIVERS\pnetmdm64.sys
    0x04A4A000 \SystemRoot\system32\drivers\modem.sys
    0x02E12000 \SystemRoot\system32\DRIVERS\psadd.sys
    0x05FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x01000000 \SystemRoot\system32\DRIVERS\ks.sys
    0x015E9000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05425000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0547F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x07832000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x07A4F000 \SystemRoot\system32\drivers\portcls.sys
    0x07A8C000 \SystemRoot\system32\drivers\drmk.sys
    0x07AAE000 \SystemRoot\system32\drivers\ksthunk.sys
    0x07AB4000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x07AFB000 \SystemRoot\System32\drivers\Dxapi.sys
    0x07B07000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x07B15000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04057000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x07B23000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00580000 \SystemRoot\System32\TSDDD.dll
    0x00610000 \SystemRoot\System32\cdd.dll
    0x07B73000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x07B90000 \SystemRoot\system32\DRIVERS\SMIksdrv.sys
    0x022E1000 \SystemRoot\system32\DRIVERS\SMIEXP.SYS
    0x02594000 \SystemRoot\system32\drivers\luafv.sys
    0x025B7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x025D4000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02200000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02215000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02268000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0227B000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05494000 \SystemRoot\system32\drivers\HTTP.sys
    0x02293000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x022B1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x07BC3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0555C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x022C9000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x088BB000 \SystemRoot\system32\drivers\peauth.sys
    0x08965000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x08970000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0899D000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x08800000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08C9B000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77140000 \Windows\System32\ntdll.dll
    0x47F60000 \Windows\System32\smss.exe
    0xFF460000 \Windows\System32\apisetschema.dll
    0xFF970000 \Windows\System32\autochk.exe
    0xFF3B0000 \Windows\System32\comdlg32.dll
    0xFF2A0000 \Windows\System32\msctf.dll
    0xFF220000 \Windows\System32\difxapi.dll
    0x77020000 \Windows\System32\kernel32.dll
    0xFF1D0000 \Windows\System32\Wldap32.dll
    0xFF1B0000 \Windows\System32\imagehlp.dll
    0xFF1A0000 \Windows\System32\nsi.dll
    0xFF070000 \Windows\System32\rpcrt4.dll
    0xFEE60000 \Windows\System32\ole32.dll
    0xFEC80000 \Windows\System32\setupapi.dll
    0xFEBA0000 \Windows\System32\advapi32.dll
    0xFEAD0000 \Windows\System32\usp10.dll
    0xFEAB0000 \Windows\System32\sechost.dll
    0xFEA10000 \Windows\System32\msvcrt.dll
    0xFDC80000 \Windows\System32\shell32.dll
    0x77310000 \Windows\System32\normaliz.dll
    0xFDBA0000 \Windows\System32\oleaut32.dll
    0xFDB50000 \Windows\System32\ws2_32.dll
    0xFDB20000 \Windows\System32\imm32.dll
    0xFD9F0000 \Windows\System32\wininet.dll
    0xFD790000 \Windows\System32\iertutil.dll
    0xFD6F0000 \Windows\System32\clbcatq.dll
    0xFD6E0000 \Windows\System32\lpk.dll
    0x76F20000 \Windows\System32\user32.dll
    0xFD670000 \Windows\System32\gdi32.dll
    0xFD4F0000 \Windows\System32\urlmon.dll
    0xFD470000 \Windows\System32\shlwapi.dll
    0x77300000 \Windows\System32\psapi.dll
    0xFD300000 \Windows\System32\crypt32.dll
    0xFD2E0000 \Windows\System32\devobj.dll
    0xFD240000 \Windows\System32\comctl32.dll
    0xFD200000 \Windows\System32\wintrust.dll
    0xFD190000 \Windows\System32\KernelBase.dll
    0xFD150000 \Windows\System32\cfgmgr32.dll
    0xFD140000 \Windows\System32\msasn1.dll

    Processes (total 80):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    504 csrss.exe
    588 C:\Windows\System32\wininit.exe
    604 csrss.exe
    636 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    772 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\ibmpmsvc.exe
    928 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    392 C:\Windows\System32\svchost.exe
    496 C:\Windows\System32\audiodg.exe
    912 C:\Windows\System32\winlogon.exe
    1032 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\wlanext.exe
    1220 C:\Windows\System32\conhost.exe
    1304 C:\Windows\System32\spoolsv.exe
    1332 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1492 C:\Windows\System32\taskhost.exe
    1548 C:\Windows\System32\dwm.exe
    1588 C:\Windows\explorer.exe
    1632 C:\Windows\System32\svchost.exe
    1744 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    1764 C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    1788 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    1868 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1896 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1936 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    1972 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1980 C:\Windows\System32\conhost.exe
    1116 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    1600 C:\Program Files\Lenovo\HOTKEY\cammute.exe
    2060 C:\Program Files\Lenovo\HOTKEY\micmute.exe
    2120 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2152 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    2248 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2432 C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    2456 unsecapp.exe
    2612 WmiPrvSE.exe
    2956 C:\Windows\System32\SearchIndexer.exe
    3248 C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    3308 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    3636 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    3676 C:\Windows\System32\TpShocks.exe
    3724 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    3756 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    3780 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3872 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3976 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3992 C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    3080 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4024 C:\Windows\System32\svchost.exe
    3128 C:\Windows\System32\svchost.exe
    4208 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5004 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    5012 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2316 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2224 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    4088 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2528 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    4624 C:\Windows\System32\wuauclt.exe
    4020 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3284 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2828 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    4660 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
    1512 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    2520 C:\Windows\notepad.exe
    4532 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4420 C:\Windows\System32\SearchProtocolHost.exe
    704 C:\Windows\System32\SearchFilterHost.exe
    800 dllhost.exe
    3320 dllhost.exe
    4548 C:\Users\VICKIE\Downloads\MBRCheck.exe
    4728 C:\Windows\System32\conhost.exe
    1420 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
    \\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000048`14c00000 (NTFS)

    PhysicalDrive0 Model Number: ST9320325AS, Rev: 0020LVM1

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 8130EE146ABB4AF2A5688200CF4763A1C3855331


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    ComboFix Log

    ComboFix 11-03-16.01 - VICKIE 03/16/2011 18:48:44.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2655 [GMT -5:00]
    Running from: c:\users\VICKIE\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Java
    c:\program files (x86)\Java\jre6\bin\msvcr71.dll
    c:\users\VICKIE\WordPerfectOfficeInstaller.exe.part
    c:\windows\system32\Thumbs.db
    Q:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-16 23:51 . 2011-03-16 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-16 23:35 . 2011-03-16 23:35 -------- d-----w- c:\users\VICKIE\AppData\Roaming\Avira
    2011-03-16 02:33 . 2011-03-16 02:33 -------- d-----w- c:\users\VICKIE\AppData\Roaming\Malwarebytes
    2011-03-16 02:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 02:32 . 2011-03-16 02:32 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-16 02:32 . 2011-03-16 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 02:32 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-16 02:17 . 2011-03-16 02:17 -------- d-----w- c:\programdata\Avira
    2011-03-16 02:17 . 2011-03-16 02:17 -------- d-----w- c:\program files (x86)\Avira
    2011-03-16 02:17 . 2011-01-10 19:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-16 02:17 . 2011-01-10 19:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-16 02:11 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-16 02:11 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-16 02:11 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-16 02:11 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-16 02:11 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-16 02:11 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-16 02:11 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-16 02:11 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-16 02:11 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-16 02:11 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-16 02:11 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-16 02:11 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-16 02:10 . 2011-03-16 02:10 -------- d-----w- c:\users\VICKIE\AppData\Roaming\Uniblue
    2011-03-16 02:10 . 2011-03-16 02:10 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
    2011-03-16 02:10 . 2011-03-16 02:10 -------- d-----w- c:\program files (x86)\Uniblue
    2011-03-16 02:09 . 2011-03-16 02:09 -------- d-----w- c:\users\VICKIE\AppData\Local\PackageAware
    2011-03-04 15:17 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-03-04 14:12 . 2011-03-04 14:12 388096 ----a-r- c:\users\VICKIE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-04 14:12 . 2011-03-04 14:12 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-03-01 17:56 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4859B6A0-AD14-4B33-98A6-92F78B438AD2}\mpengine.dll
    2011-02-24 09:00 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-24 09:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-02-23 16:33 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 16:33 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 16:33 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 16:33 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 23:11 . 2010-11-10 03:13 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 06:53 . 2011-02-09 17:32 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-09 17:32 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-09 17:32 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-01-07 08:06 . 2011-02-09 17:31 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-09 17:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-09 17:31 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-09 17:31 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20 . 2011-02-09 17:31 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 05:37 . 2011-02-09 17:31 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00 . 2011-02-09 17:33 3127808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-27 02:47 . 2010-12-27 02:47 583296 ----a-w- c:\windows\system32\drivers\NISx64\1008000.029\cchpx64.sys
    2010-12-21 06:16 . 2011-02-09 17:33 62976 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 06:16 . 2011-02-09 17:33 97280 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 06:16 . 2011-02-09 17:32 214016 ----a-w- c:\windows\system32\winsrv.dll
    2010-12-21 06:16 . 2011-02-09 17:33 442880 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 06:16 . 2011-02-09 17:33 1197056 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 06:16 . 2011-02-09 17:33 258048 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 06:15 . 2011-02-09 17:33 264192 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 06:15 . 2011-02-09 17:33 15360 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 06:13 . 2011-02-09 17:33 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 06:13 . 2011-02-09 17:33 1880576 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 06:10 . 2011-02-09 17:33 100864 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-21 05:38 . 2011-02-09 17:33 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
    2010-12-21 05:38 . 2011-02-09 17:33 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-12-21 05:38 . 2011-02-09 17:33 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
    2010-12-21 05:38 . 2011-02-09 17:33 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2010-12-21 05:38 . 2011-02-09 17:33 204288 ----a-w- c:\windows\SysWow64\upnp.dll
    2010-12-21 05:38 . 2011-02-09 17:33 14336 ----a-w- c:\windows\SysWow64\slwga.dll
    2010-12-21 05:36 . 2011-02-09 17:33 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2010-12-21 05:36 . 2011-02-09 17:33 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2010-12-21 05:34 . 2011-02-09 17:33 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
    2010-12-18 06:11 . 2011-02-09 17:35 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:11 . 2011-02-09 17:33 714752 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-18 05:29 . 2011-02-09 17:35 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-12-18 05:29 . 2011-02-09 17:33 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
    2010-12-18 04:55 . 2011-02-09 17:35 482816 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:20 . 2011-02-09 17:35 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-12-18 04:13 . 2011-02-09 17:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-18 03:47 . 2011-02-09 17:35 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-01-05 75112]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\NISx64\1007000.01E\SYMNDISV.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
    S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [2010-07-15 397360]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
    S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-07-15 117640]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-15 131632]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:39]
    .
    2011-03-05 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 07:07]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF21533.cfxxe" [X]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]
    "TpShocks"="TpShocks.exe" [2009-12-11 380776]
    "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 5879608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
    HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
    c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Lenovo\System Update\SUService.exe
    c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-16 18:58:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-16 23:58
    .
    Pre-Run: 269,309,304,832 bytes free
    Post-Run: 268,626,403,328 bytes free
    .
    - - End Of File - - DF6D2BD161D86DF9572653E786681185
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Still redirected?

    Uninstall Uniblue RegistryBooster.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. mandyyy

    mandyyy TS Rookie Topic Starter

    Thanks for the reply. I'm actually not getting redirected anymore so hopefully the virus is gone.

    OTL log

    OTL logfile created on: 3/16/2011 7:57:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\VICKIE\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.15 Gb Total Space | 250.24 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.70 Gb Free Space | 27.60% Space Free | Partition Type: NTFS

    Computer Name: VICKIE-THINK | User Name: VICKIE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/16 19:57:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VICKIE\Downloads\OTL.exe
    PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/07/14 23:26:03 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    PRC - [2010/03/01 13:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    PRC - [2010/03/01 13:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    PRC - [2010/03/01 13:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    PRC - [2010/02/10 17:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
    PRC - [2009/11/23 23:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2009/11/17 04:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
    PRC - [2009/11/17 00:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2009/11/16 04:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2009/11/11 03:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    PRC - [2009/11/08 23:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
    PRC - [2009/11/03 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/03 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/28 16:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/16 19:57:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VICKIE\Downloads\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/18 00:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2009/11/17 04:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2009/11/16 04:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2009/11/08 23:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2009/10/09 14:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2009/09/21 18:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/09/21 18:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/07/14 23:26:03 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/01 13:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
    SRV - [2010/03/01 13:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2010/02/10 17:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2010/01/05 13:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
    SRV - [2009/11/03 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/03 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/08/28 16:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/01/10 14:23:53 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/01/10 14:23:52 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/12/26 21:47:43 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2010/07/14 23:26:10 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/07/14 23:26:05 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/07/14 23:26:05 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2010/07/14 23:26:05 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
    DRV:64bit: - [2010/07/14 23:26:05 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/07/14 23:26:05 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2010/02/08 07:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/02/05 02:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/01/25 03:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/07 13:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/01/06 07:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/05 13:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2009/11/20 05:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
    DRV:64bit: - [2009/11/18 00:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2009/10/26 17:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/10/26 16:06:18 | 000,206,080 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
    DRV:64bit: - [2009/10/09 14:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2009/10/09 14:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2009/10/02 05:58:12 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/15 14:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/07/01 21:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/12 04:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
    DRV:64bit: - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
    DRV - [2010/07/14 23:26:05 | 000,397,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvia64.sys -- (IDSVia64)
    DRV - [2010/07/14 23:26:04 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EX64.SYS -- (NAVEX15)
    DRV - [2010/07/14 23:26:04 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/07/14 23:26:04 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ENG64.SYS -- (NAVENG)
    DRV - [2010/07/14 23:26:04 | 000,131,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/12/28 03:52:04 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/03/16 18:55:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] File not found
    O4:64bit: - HKLM..\Run: [Persistence] File not found
    O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-4104916212-774292148-2537120743-1003..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/16 18:55:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/16 18:48:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/16 18:48:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/16 18:48:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/16 18:48:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/16 18:47:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/16 18:47:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/16 18:47:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/16 18:35:05 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\AppData\Roaming\Avira
    [2011/03/15 21:33:37 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\AppData\Roaming\Malwarebytes
    [2011/03/15 21:32:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/03/15 21:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/15 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/15 21:32:43 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/03/15 21:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/03/15 21:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/03/15 21:17:35 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/03/15 21:17:35 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/03/15 21:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/03/15 21:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/03/15 21:10:22 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\AppData\Roaming\Uniblue
    [2011/03/15 21:10:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
    [2011/03/15 21:09:50 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\AppData\Local\PackageAware
    [2011/03/04 10:17:30 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2011/03/04 09:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/03/04 09:12:17 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/02/26 01:19:40 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\Documents\My Received Files
    [2011/02/15 01:21:19 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\Documents\InterVideo

    ========== Files - Modified Within 30 Days ==========

    [2011/03/16 19:02:23 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/16 19:02:23 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/16 18:59:16 | 000,792,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/16 18:59:16 | 000,670,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/16 18:59:16 | 000,124,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/16 18:55:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/16 18:54:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/16 18:54:26 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/15 21:32:47 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/15 21:17:45 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/03/15 21:05:06 | 000,009,058 | -HS- | M] () -- C:\ProgramData\2809086545
    [2011/03/15 21:05:05 | 000,009,058 | -HS- | M] () -- C:\Users\VICKIE\AppData\Local\2809086545
    [2011/03/05 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/03/04 09:12:17 | 000,002,981 | ---- | M] () -- C:\Users\VICKIE\Desktop\HiJackThis.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/16 18:48:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/16 18:48:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/16 18:48:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/16 18:48:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/16 18:48:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/15 21:32:47 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/15 21:17:45 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/03/04 09:12:17 | 000,002,981 | ---- | C] () -- C:\Users\VICKIE\Desktop\HiJackThis.lnk
    [2011/03/04 08:33:50 | 000,009,058 | -HS- | C] () -- C:\Users\VICKIE\AppData\Local\2809086545
    [2011/03/04 08:33:50 | 000,009,058 | -HS- | C] () -- C:\ProgramData\2809086545
    [2010/05/12 15:36:23 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/12 14:52:13 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/05/12 14:52:13 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/05/12 14:52:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/05/12 14:52:13 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/05/12 14:52:12 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/02/14 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\VICKIE\AppData\Roaming\InterVideo
    [2010/07/14 23:28:59 | 000,000,000 | ---D | M] -- C:\Users\VICKIE\AppData\Roaming\Lenovo
    [2010/12/26 01:20:14 | 000,000,000 | ---D | M] -- C:\Users\VICKIE\AppData\Roaming\Teleca
    [2011/03/15 21:10:22 | 000,000,000 | ---D | M] -- C:\Users\VICKIE\AppData\Roaming\Uniblue
    [2011/02/05 21:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/14 00:08:49 | 000,013,872 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/05 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/24 12:28:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/03/16 18:58:23 | 000,019,525 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/16 18:54:26 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/03/16 18:54:31 | 4081,639,424 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/12 14:51:46 | 000,003,065 | ---- | M] () -- C:\RHDSetup.log
    [2010/05/12 14:50:18 | 000,000,205 | ---- | M] () -- C:\setup.log
    [2009/08/26 17:31:50 | 000,644,096 | ---- | M] () -- C:\tvtpwm_message_hook.dll

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/15 16:27:48 | 000,000,221 | -HS- | M] () -- C:\Users\VICKIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/27 05:18:09 | 000,000,402 | -HS- | M] () -- C:\Users\VICKIE\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/15 21:05:06 | 000,009,058 | -HS- | M] () -- C:\ProgramData\2809086545

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  6. mandyyy

    mandyyy TS Rookie Topic Starter

    Extras log

    OTL Extras logfile created on: 3/16/2011 7:57:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\VICKIE\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.15 Gb Total Space | 250.24 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.70 Gb Free Space | 27.60% Space Free | Partition Type: NTFS

    Computer Name: VICKIE-THINK | User Name: VICKIE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4104916212-774292148-2537120743-1003\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
    "1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
    "3512AA88B7C41B232F5FF5219DFEEDB41AFC3AEA" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)
    "573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
    "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
    "D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
    "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    "Integrated Camera" = Integrated Camera
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{235C31BC-BBAE-4932-9F17-15395C65907B}" = Boingo Wi-Fi
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F4BD11FE-8C8E-4FB8-826E-D3FDBF1CF037}" = Mobile Broadband Connect
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
    "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "Lenovo Welcome_is1" = Lenovo Welcome
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "NIS" = Norton Internet Security
    "PdaNet_is1" = PdaNet for Android 2.45
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4104916212-774292148-2537120743-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/27/2011 5:00:19 AM | Computer Name = VICKIE-THINK | Source = MsiInstaller | ID = 1024
    Description =

    Error - 2/28/2011 5:00:18 AM | Computer Name = VICKIE-THINK | Source = MsiInstaller | ID = 10005
    Description =

    Error - 2/28/2011 5:00:18 AM | Computer Name = VICKIE-THINK | Source = MsiInstaller | ID = 1024
    Description =

    Error - 2/28/2011 2:14:16 PM | Computer Name = VICKIE-THINK | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access
    Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files
    (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

    Error - 2/28/2011 2:15:21 PM | Computer Name = VICKIE-THINK | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 2/28/2011 2:15:29 PM | Computer Name = VICKIE-THINK | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 3/1/2011 12:08:21 AM | Computer Name = VICKIE-THINK | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16722,
    time stamp: 0x4d0c2f29 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x536c8a57 Faulting process id:
    0xb40 Faulting application start time: 0x01cbd7bf29eb1bde Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
    Report
    Id: 8b1487a4-43b9-11e0-b99f-c80aa98144b3

    Error - 3/1/2011 1:06:31 AM | Computer Name = VICKIE-THINK | Source = Application Hang | ID = 1002
    Description = The program Access Connections.exe version 5.3.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ba4 Start
    Time: 01cbd7ce2b534a47 Termination Time: 17 Application Path: C:\Program Files (x86)\Lenovo\Access
    Connections\Access Connections.exe Report Id: a3a9a737-43c1-11e0-80c5-c80aa98144b3


    Error - 3/1/2011 1:25:10 AM | Computer Name = VICKIE-THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A certificate chain could not be built to a trusted root authority.
    .

    Error - 3/1/2011 2:31:52 AM | Computer Name = VICKIE-THINK | Source = RasClient | ID = 20227
    Description =

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 7/24/2010 9:38:19 PM | Computer Name = VICKIE-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Unable to retrieve machine model -> Exception message: Provider failure


    Error - 7/24/2010 9:38:19 PM | Computer Name = VICKIE-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = Retrieved null machine type model

    Error - 7/24/2010 9:38:19 PM | Computer Name = VICKIE-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Unable to retrieve machine model -> Exception message: Provider failure


    Error - 7/24/2010 9:38:19 PM | Computer Name = VICKIE-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = Retrieved null machine type model

    [ System Events ]
    Error - 3/1/2011 1:40:48 AM | Computer Name = VICKIE-THINK | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/1/2011 1:40:48 AM | Computer Name = VICKIE-THINK | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/1/2011 1:49:18 AM | Computer Name = VICKIE-THINK | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 3/1/2011 5:51:07 AM | Computer Name = VICKIE-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

    Error - 3/1/2011 3:10:01 PM | Computer Name = VICKIE-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

    Error - 3/1/2011 5:03:11 PM | Computer Name = VICKIE-THINK | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 3/1/2011 9:40:03 PM | Computer Name = VICKIE-THINK | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A80EE54D-CA4D-4CA1-9E1F-435CE941C52A}
    because another computer on the network has the same name. The server could not
    start.

    Error - 3/2/2011 5:00:53 AM | Computer Name = VICKIE-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

    Error - 3/3/2011 5:00:40 AM | Computer Name = VICKIE-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

    Error - 3/4/2011 5:00:45 AM | Computer Name = VICKIE-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB982158).


    < End of report >
     
  7. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good news :)

    You're running two AV programs, Avira and Norton.
    One of them has to go.
    If Norton, make sure to use this tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    =======================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-4104916212-774292148-2537120743-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/03/15 21:10:22 | 000,000,000 | ---D | C] -- C:\Users\VICKIE\AppData\Roaming\Uniblue
      [2011/03/15 21:10:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
      [2011/03/15 21:05:06 | 000,009,058 | -HS- | M] () -- C:\ProgramData\2809086545
      [2011/03/04 08:33:50 | 000,009,058 | -HS- | C] () -- C:\Users\VICKIE\AppData\Local\2809086545
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  8. mandyyy

    mandyyy TS Rookie Topic Starter

    Question:

    I recently installed Avira from the 8 step preliminary removal thread. I was planning to purchase Norton's but since you suggest that I remove it, is Avira better?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    If you didn't buy Norton yet, I suggest, you get rid of it.
     
  10. mandyyy

    mandyyy TS Rookie Topic Starter

    On removing Norton's, how do I know which one to use?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    It doesn't matter.
    All links lead to the very same tool.
     
  12. mandyyy

    mandyyy TS Rookie Topic Starter

    Ok, small problem. I got rid of Norton's, Updated Java, deleted old versions of Java, ran 2nd OTL and ran Security Checker, but my computer froze on the TFC. Here are the logs from the previous 2 scans:

    2nd OTL log

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-4104916212-774292148-2537120743-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\VICKIE\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\VICKIE\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\VICKIE\AppData\Roaming\Uniblue folder moved successfully.
    Folder C:\ProgramData\~0\ not found.
    C:\ProgramData\2809086545 moved successfully.
    C:\Users\VICKIE\AppData\Local\2809086545 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: VICKIE
    ->Temp folder emptied: 25077944 bytes
    ->Temporary Internet Files folder emptied: 55622730 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1645 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: VICKIE
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03162011_214004

    Files\Folders moved on Reboot...
    C:\Users\VICKIE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VOXVBT9M\crosspixel-dest[1].htm moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VOXVBT9M\topic162544[1].html moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J1WQALW5\sh34[1].html moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J1WQALW5\signin[1].htm moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...


    Security Check

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    ``````````End of Log````````````
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Sometimes, it happens.
    Try to run TFC again.

    If still some problem, use this one...

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    =======================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  14. mandyyy

    mandyyy TS Rookie Topic Starter

    Ok I completed the TFC scan & the ESET Online Scan. No threats found. Should I uninstall it from my computer now? Also what about all the other programs I've downloaded?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  16. mandyyy

    mandyyy TS Rookie Topic Starter

    YaaaaaY! Thank you so much! Here's the log from the reset system restore:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: VICKIE
    ->Temp folder emptied: 33524 bytes
    ->Temporary Internet Files folder emptied: 7182730 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: VICKIE
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.22.3 log created on 03162011_232109

    Files\Folders moved on Reboot...
    C:\Users\VICKIE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XSK28XY8\crosspixel-dest[1].htm moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XSK28XY8\sh34[1].html moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XSK28XY8\signin[1].htm moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WAG0QSS\topic162544[2].html moved successfully.
    C:\Users\VICKIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    All cool ?
     
  18. mandyyy

    mandyyy TS Rookie Topic Starter

    Yep all cool! :D Thank you very much. I really didn't want to have to spend 100$s of dollars to get the computer fixed if I didn't have to.

    Also what's the best antivirus our there that you recommend?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You're fine with Avira.

    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...