Hello. For the past few weeks I've been getting redirected from my homepage to a copy of what looks like a Windows7 virus scanner. I went through & blocked the .exe file from running so now I am able to get on the web but I want to make sure that it's gone. Any help would be much appreciated. Thanks in advance.
I already went through the 8 Step Preliminary Removal instructions and here are the logs requested:
MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6071
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/15/2011 9:39:13 PM
mbam-log-2011-03-15 (21-39-13).txt
Scan type: Quick scan
Objects scanned: 161419
Time elapsed: 2 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-15 21:59:08
Windows 6.1.7600
Running: 2uk36p04.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
---- EOF - GMER 1.0.15 ----
DDS Log
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by VICKIE at 22:04:51.70 on Tue 03/15/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2542 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\VICKIE\Downloads\2uk36p04.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\VICKIE\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat
\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet
Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack
\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security
Solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin
\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar
\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live
\Writer\WriterBrowserExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client
Security Solution\tvtpwm_ie_com.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} -
hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\CoIEPlg.dll
LSA: Notification Packages = scecli ACGina
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
mRun-x64: [TpShocks] TpShocks.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
mRun-x64: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-12-26 402992]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-10-9 23592]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-12-26 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-12-26 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs
\20090712.001\IDSvia64.sys [2010-7-14 397360]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2009-12-9 15400]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-15
135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-15 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-15 83120]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\ccSvcHst.exe [2010-12-26 117640]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R)
Management Engine Components\UNS\UNS.exe [2010-5-12 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE
\EraserUtilRebootDrv.sys [2010-7-14 131632]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-12 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-12 158848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-12 271872]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers
\NETw5s64.sys [2009-9-15 6952960]
R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-12-26 17920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-12 258560]
R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2010-5-12 206080]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET
\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers
\netw5v64.sys [2009-6-10 5434368]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:
\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-12
75112]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-12 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
.
=============== Created Last 30 ================
.
2011-03-16 02:33:37 -------- d-----w- C:\Users\VICKIE\AppData\Roaming\Malwarebytes
2011-03-16 02:32:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-16 02:32:46 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-16 02:32:43 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-16 02:32:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-16 02:17:35 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-16 02:17:35 -------- d-----w- C:\Program Files (x86)\Avira
2011-03-16 02:17:35 -------- d-----w- C:\PROGRA~3\Avira
2011-03-16 02:10:22 -------- d-----w- C:\Users\VICKIE\AppData\Roaming\Uniblue
2011-03-16 02:10:14 -------- dc-h--w- C:\PROGRA~3\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-03-16 02:10:13 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-03-16 02:09:50 -------- d-----w- C:\Users\VICKIE\AppData\Local\PackageAware
2011-03-04 15:17:30 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-03-04 14:12:17 388096 ----a-r- C:\Users\VICKIE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-
A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-04 14:12:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-01 17:56:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4859B6A0-AD14-
4B33-98A6-92F78B438AD2}\mpengine.dll
2011-02-24 09:00:34 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-24 09:00:34 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 16:33:40 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 16:33:40 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 16:33:40 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 16:33:40 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-21 03:32:37 361133343 ---ha-w- C:\Users\VICKIE\WordPerfectOfficeInstaller.exe.part
2011-02-14 06:58:17 -------- d-----w- C:\Users\VICKIE\AppData\Local\Deployment
2011-02-14 06:58:17 -------- d-----w- C:\Users\VICKIE\AppData\Local\Apps
.
==================== Find3M ====================
.
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-27 02:47:43 583296 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:05:18.97 ===============
DDS Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2010 11:22:08 PM
System Uptime: 3/15/2011 9:24:45 PM (1 hours ago)
.
Motherboard: LENOVO | | 0578A25
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 250.788 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 2.695 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP55: 2/19/2011 3:00:16 AM - Windows Update
RP56: 2/20/2011 3:00:14 AM - Windows Update
RP57: 2/21/2011 3:00:10 AM - Windows Update
RP58: 2/22/2011 3:00:10 AM - Windows Update
RP59: 2/22/2011 10:49:40 AM - Windows Update
RP60: 2/23/2011 3:00:17 AM - Windows Update
RP61: 2/24/2011 3:00:17 AM - Windows Update
RP62: 2/25/2011 3:00:10 AM - Windows Update
RP63: 2/25/2011 10:57:28 AM - Windows Update
RP64: 2/26/2011 3:00:10 AM - Windows Update
RP65: 2/27/2011 3:00:10 AM - Windows Update
RP66: 2/28/2011 3:00:10 AM - Windows Update
RP67: 3/1/2011 3:50:18 AM - Windows Update
RP68: 3/1/2011 3:53:46 AM - Device Driver Package Install: Microsoft Network adapters
RP69: 3/1/2011 11:56:21 AM - Windows Update
RP70: 3/1/2011 1:09:47 PM - Windows Update
RP71: 3/1/2011 2:59:15 PM - Restore Operation
RP73: 3/1/2011 11:19:09 PM - Windows Defender Checkpoint
RP74: 3/2/2011 3:00:10 AM - Windows Update
RP75: 3/3/2011 3:00:10 AM - Windows Update
RP76: 3/4/2011 3:00:17 AM - Windows Update
RP77: 3/4/2011 7:46:04 AM - Removed Google Talk Plugin
RP78: 3/4/2011 8:03:28 AM - Removed Java(TM) 6 Update 17 (64-bit)
RP79: 3/4/2011 8:04:02 AM - Removed Java(TM) 6 Update 17
RP80: 3/4/2011 8:12:01 AM - Installed HiJackThis
RP81: 3/4/2011 11:36:07 AM - Removed MSXML 4.0 SP2 (KB954430)
RP82: 3/4/2011 11:36:34 AM - Removed MSXML 4.0 SP2 (KB973688)
RP83: 3/4/2011 11:52:54 AM - Windows Update
RP84: 3/5/2011 2:48:05 AM - Windows Update
RP85: 3/15/2011 9:17:22 PM - Avira AntiVir Personal - 3/15/2011 21:16
.
==== Installed Programs ======================
.
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AT&T Service Activation
Avira AntiVir Personal - Free Antivirus
Boingo Wi-Fi
Burn.Now 4.5
Business Contact Manager for Outlook 2007 SP2
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
Direct DiscRecorder
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Talk (remove only)
HiJackThis
HTC Driver Installer
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
InterVideo WinDVD 8
Junk Mail filter update
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes' Anti-Malware
Message Center Plus
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Research AutoCollage Touch 2009
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Broadband Connect
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
PdaNet for Android 2.45
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rescue and Recovery
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
System Update
ThinkPad Power Manager
ThinkVantage Access Connections
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Verizon Wireless Mobile Broadband Self Activation
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
3/15/2011 9:23:02 PM, Error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It
has done this 1 time(s).
3/15/2011 9:17:58 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the
following error: Access is denied.
.
==== End Of File ===========================
I already went through the 8 Step Preliminary Removal instructions and here are the logs requested:
MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6071
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/15/2011 9:39:13 PM
mbam-log-2011-03-15 (21-39-13).txt
Scan type: Quick scan
Objects scanned: 161419
Time elapsed: 2 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-15 21:59:08
Windows 6.1.7600
Running: 2uk36p04.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
---- EOF - GMER 1.0.15 ----
DDS Log
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by VICKIE at 22:04:51.70 on Tue 03/15/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2542 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\VICKIE\Downloads\2uk36p04.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\VICKIE\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat
\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet
Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack
\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security
Solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin
\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar
\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live
\Writer\WriterBrowserExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client
Security Solution\tvtpwm_ie_com.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} -
hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\CoIEPlg.dll
LSA: Notification Packages = scecli ACGina
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
mRun-x64: [TpShocks] TpShocks.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
mRun-x64: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-12-26 402992]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-10-9 23592]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-12-26 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-12-26 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs
\20090712.001\IDSvia64.sys [2010-7-14 397360]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2009-12-9 15400]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-15
135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-15 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-15 83120]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine
\16.8.0.41\ccSvcHst.exe [2010-12-26 117640]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R)
Management Engine Components\UNS\UNS.exe [2010-5-12 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE
\EraserUtilRebootDrv.sys [2010-7-14 131632]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-12 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-12 158848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-12 271872]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers
\NETw5s64.sys [2009-9-15 6952960]
R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-12-26 17920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-12 258560]
R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2010-5-12 206080]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET
\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers
\netw5v64.sys [2009-6-10 5434368]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:
\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-12
75112]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-12 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
.
=============== Created Last 30 ================
.
2011-03-16 02:33:37 -------- d-----w- C:\Users\VICKIE\AppData\Roaming\Malwarebytes
2011-03-16 02:32:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-16 02:32:46 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-16 02:32:43 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-16 02:32:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-16 02:17:35 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-16 02:17:35 -------- d-----w- C:\Program Files (x86)\Avira
2011-03-16 02:17:35 -------- d-----w- C:\PROGRA~3\Avira
2011-03-16 02:10:22 -------- d-----w- C:\Users\VICKIE\AppData\Roaming\Uniblue
2011-03-16 02:10:14 -------- dc-h--w- C:\PROGRA~3\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-03-16 02:10:13 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-03-16 02:09:50 -------- d-----w- C:\Users\VICKIE\AppData\Local\PackageAware
2011-03-04 15:17:30 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-03-04 14:12:17 388096 ----a-r- C:\Users\VICKIE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-
A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-04 14:12:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-01 17:56:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4859B6A0-AD14-
4B33-98A6-92F78B438AD2}\mpengine.dll
2011-02-24 09:00:34 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-24 09:00:34 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 16:33:40 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 16:33:40 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 16:33:40 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 16:33:40 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-21 03:32:37 361133343 ---ha-w- C:\Users\VICKIE\WordPerfectOfficeInstaller.exe.part
2011-02-14 06:58:17 -------- d-----w- C:\Users\VICKIE\AppData\Local\Deployment
2011-02-14 06:58:17 -------- d-----w- C:\Users\VICKIE\AppData\Local\Apps
.
==================== Find3M ====================
.
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-27 02:47:43 583296 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:05:18.97 ===============
DDS Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2010 11:22:08 PM
System Uptime: 3/15/2011 9:24:45 PM (1 hours ago)
.
Motherboard: LENOVO | | 0578A25
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 250.788 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 2.695 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP55: 2/19/2011 3:00:16 AM - Windows Update
RP56: 2/20/2011 3:00:14 AM - Windows Update
RP57: 2/21/2011 3:00:10 AM - Windows Update
RP58: 2/22/2011 3:00:10 AM - Windows Update
RP59: 2/22/2011 10:49:40 AM - Windows Update
RP60: 2/23/2011 3:00:17 AM - Windows Update
RP61: 2/24/2011 3:00:17 AM - Windows Update
RP62: 2/25/2011 3:00:10 AM - Windows Update
RP63: 2/25/2011 10:57:28 AM - Windows Update
RP64: 2/26/2011 3:00:10 AM - Windows Update
RP65: 2/27/2011 3:00:10 AM - Windows Update
RP66: 2/28/2011 3:00:10 AM - Windows Update
RP67: 3/1/2011 3:50:18 AM - Windows Update
RP68: 3/1/2011 3:53:46 AM - Device Driver Package Install: Microsoft Network adapters
RP69: 3/1/2011 11:56:21 AM - Windows Update
RP70: 3/1/2011 1:09:47 PM - Windows Update
RP71: 3/1/2011 2:59:15 PM - Restore Operation
RP73: 3/1/2011 11:19:09 PM - Windows Defender Checkpoint
RP74: 3/2/2011 3:00:10 AM - Windows Update
RP75: 3/3/2011 3:00:10 AM - Windows Update
RP76: 3/4/2011 3:00:17 AM - Windows Update
RP77: 3/4/2011 7:46:04 AM - Removed Google Talk Plugin
RP78: 3/4/2011 8:03:28 AM - Removed Java(TM) 6 Update 17 (64-bit)
RP79: 3/4/2011 8:04:02 AM - Removed Java(TM) 6 Update 17
RP80: 3/4/2011 8:12:01 AM - Installed HiJackThis
RP81: 3/4/2011 11:36:07 AM - Removed MSXML 4.0 SP2 (KB954430)
RP82: 3/4/2011 11:36:34 AM - Removed MSXML 4.0 SP2 (KB973688)
RP83: 3/4/2011 11:52:54 AM - Windows Update
RP84: 3/5/2011 2:48:05 AM - Windows Update
RP85: 3/15/2011 9:17:22 PM - Avira AntiVir Personal - 3/15/2011 21:16
.
==== Installed Programs ======================
.
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AT&T Service Activation
Avira AntiVir Personal - Free Antivirus
Boingo Wi-Fi
Burn.Now 4.5
Business Contact Manager for Outlook 2007 SP2
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
Direct DiscRecorder
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Talk (remove only)
HiJackThis
HTC Driver Installer
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
InterVideo WinDVD 8
Junk Mail filter update
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes' Anti-Malware
Message Center Plus
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Research AutoCollage Touch 2009
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Broadband Connect
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
PdaNet for Android 2.45
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rescue and Recovery
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
System Update
ThinkPad Power Manager
ThinkVantage Access Connections
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Verizon Wireless Mobile Broadband Self Activation
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
3/15/2011 9:23:02 PM, Error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It
has done this 1 time(s).
3/15/2011 9:17:58 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the
following error: Access is denied.
.
==== End Of File ===========================