Here are the logs that I received following the 7-step Virus Prelim Removal Instructions:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6678
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
5/25/2011 4:38:08 PM
mbam-log-2011-05-25 (16-38-08).txt
Scan type: Quick scan
Objects scanned: 153166
Time elapsed: 18 minute(s), 8 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
c:\programdata\yqclqmlyemrydso.exe (Trojan.FakeAlert) -> 6424 -> Unloaded process successfully.
c:\programdata\38985280.exe (Trojan.FakeAlert.Gen) -> 6068 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yqClQMLyEMRydSo (Trojan.FakeAlert) -> Value: yqClQMLyEMRydSo -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\yqclqmlyemrydso.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\Desktop\0.2050716830169137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\tmp72DD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\jar_cache5139502405848194932.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\jar_cache5387795699203993656.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\jar_cache1809777734462718390.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\38985280.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 21:57:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: gmer.exe; Driver: C:\Users\MARYMC~1\AppData\Local\Temp\kwlyraod.sys
---- System - GMER 1.0.15 ----
SSDT 884120A0 ZwCreateKey
SSDT 884133E0 ZwCreateMutant
SSDT 884112E0 ZwCreateProcess
SSDT 884115A0 ZwCreateProcessEx
SSDT 88412F00 ZwCreateThread
SSDT 88412620 ZwDeleteKey
SSDT 884128E0 ZwDeleteValueKey
SSDT 88413240 ZwLoadDriver
SSDT 88411B20 ZwOpenProcess
SSDT 88413580 ZwSetSystemInformation
SSDT 88412360 ZwSetValueKey
SSDT 88411DE0 ZwTerminateProcess
SSDT 88412D60 ZwWriteVirtualMemory
SSDT 884130A0 ZwCreateThreadEx
SSDT 88411860 ZwCreateUserProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 1E9 81EE096C 4 Bytes [A0, 20, 41, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EE0978 4 Bytes [E0, 33, 41, 88]
.text ntkrnlpa.exe!KeSetEvent + 209 81EE098C 8 Bytes [E0, 12, 41, 88, A0, 15, 41, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 81EE09A4 4 Bytes [00, 2F, 41, 88]
.text ntkrnlpa.exe!KeSetEvent + 2D5 81EE0A58 4 Bytes [20, 26, 41, 88]
.text ...
? System32\drivers\crfnnuj.sys The system cannot find the path specified. !
? system32\DRIVERS\tmcomm.sys The system cannot find the path specified. !
? system32\DRIVERS\tmevtmgr.sys The system cannot find the path specified. !
? system32\DRIVERS\tmactmon.sys The system cannot find the path specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS037A2.log 131072 bytes
---- EOF - GMER 1.0.15 ----
-------------------------------------------------------------------------------------------------
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Mary McCabe at 22:06:03 on 2011-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1363 [GMT -4:00]
.
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mary McCabe\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files\dell datasafe local backup\components\dsupdate" /runas "c:\program files\dell datasafe local backup\components\dsupdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] c:\program files\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\marymc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\marymc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-29 146448]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-24 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2010-2-23 72672]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-24 689472]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2011-1-2 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-29 283152]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-29 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-12-23 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-12-23 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-25 20:10:16 -------- d--h--w- c:\users\mary mccabe\appdata\roaming\Malwarebytes
2011-05-25 20:09:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 20:09:50 -------- d--h--w- c:\programdata\Malwarebytes
2011-05-25 20:09:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 20:09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-24 18:23:53 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8217640d-6aee-4e1d-876e-510d7838ff2a}\mpengine.dll
2011-05-10 21:15:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-26 21:14:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 21:14:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 21:14:11 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 11:49:02 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 11:45:06 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-03-03 11:45:02 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 22:06:46.02 ===============
--------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/24/2009 1:43:33 PM
System Uptime: 5/25/2011 7:14:05 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 149.086 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.059 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP291: 4/14/2011 6:32:52 AM - Windows Update
RP292: 4/14/2011 9:19:32 PM - Scheduled Checkpoint
RP293: 4/15/2011 8:00:13 PM - Windows Update
RP294: 4/19/2011 9:24:09 AM - Windows Update
RP295: 4/22/2011 3:03:16 AM - Windows Update
RP296: 4/24/2011 3:26:31 AM - Scheduled Checkpoint
RP297: 4/25/2011 3:38:41 AM - Scheduled Checkpoint
RP298: 4/25/2011 5:06:10 PM - Windows Update
RP299: 4/26/2011 6:20:58 AM - Windows Update
RP300: 4/26/2011 5:12:03 PM - Windows Update
RP301: 4/27/2011 4:44:40 PM - Windows Update
RP302: 4/29/2011 7:08:17 PM - Windows Update
RP303: 5/3/2011 4:27:40 PM - Windows Update
RP304: 5/6/2011 3:09:39 PM - Windows Update
RP305: 5/10/2011 5:13:03 PM - Windows Update
RP306: 5/13/2011 6:38:04 PM - Windows Update
RP307: 5/13/2011 9:01:46 PM - Windows Update
RP308: 5/17/2011 6:41:19 PM - Windows Update
RP309: 5/20/2011 5:03:49 PM - Windows Update
RP310: 5/21/2011 4:10:27 PM - Scheduled Checkpoint
RP311: 5/24/2011 2:23:22 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Advanced Audio FX Engine
aioprnt
aioscnnr
Bonjour
C4USelfUpdater
center
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Coupon Printer for Windows
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
essentials
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.02.01.0320)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ocr
OGA Notifier 2.0.0048.0
PowerDVD DX
PreReq
PrintMaster 16
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shockwave
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Internet Security Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 4:54:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user MaryMcCabe-PC\Mary McCabe SID (S-1-5-21-3031467444-4087630756-4023183767-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/25/2011 4:41:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/25/2011 4:41:26 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/25/2011 4:41:26 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/25/2011 4:38:44 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2011 4:07:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/25/2011 3:28:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/25/2011 3:12:44 PM, Error: EventLog [6008] - The previous system shutdown at 3:09:02 PM on 5/25/2011 was unexpected.
5/22/2011 5:00:09 PM, Error: EventLog [6008] - The previous system shutdown at 4:58:52 PM on 5/22/2011 was unexpected.
5/22/2011 4:58:52 PM, Error: EventLog [6008] - The previous system shutdown at 4:57:04 PM on 5/22/2011 was unexpected.
.
==== End Of File ===========================
If you could help me in removing this it would be very much appreciated!
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6678
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
5/25/2011 4:38:08 PM
mbam-log-2011-05-25 (16-38-08).txt
Scan type: Quick scan
Objects scanned: 153166
Time elapsed: 18 minute(s), 8 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
c:\programdata\yqclqmlyemrydso.exe (Trojan.FakeAlert) -> 6424 -> Unloaded process successfully.
c:\programdata\38985280.exe (Trojan.FakeAlert.Gen) -> 6068 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yqClQMLyEMRydSo (Trojan.FakeAlert) -> Value: yqClQMLyEMRydSo -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\yqclqmlyemrydso.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\Desktop\0.2050716830169137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\tmp72DD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\jar_cache5139502405848194932.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\jar_cache5387795699203993656.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mary mccabe\AppData\Local\Temp\jar_cache1809777734462718390.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\38985280.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 21:57:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: gmer.exe; Driver: C:\Users\MARYMC~1\AppData\Local\Temp\kwlyraod.sys
---- System - GMER 1.0.15 ----
SSDT 884120A0 ZwCreateKey
SSDT 884133E0 ZwCreateMutant
SSDT 884112E0 ZwCreateProcess
SSDT 884115A0 ZwCreateProcessEx
SSDT 88412F00 ZwCreateThread
SSDT 88412620 ZwDeleteKey
SSDT 884128E0 ZwDeleteValueKey
SSDT 88413240 ZwLoadDriver
SSDT 88411B20 ZwOpenProcess
SSDT 88413580 ZwSetSystemInformation
SSDT 88412360 ZwSetValueKey
SSDT 88411DE0 ZwTerminateProcess
SSDT 88412D60 ZwWriteVirtualMemory
SSDT 884130A0 ZwCreateThreadEx
SSDT 88411860 ZwCreateUserProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 1E9 81EE096C 4 Bytes [A0, 20, 41, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EE0978 4 Bytes [E0, 33, 41, 88]
.text ntkrnlpa.exe!KeSetEvent + 209 81EE098C 8 Bytes [E0, 12, 41, 88, A0, 15, 41, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 81EE09A4 4 Bytes [00, 2F, 41, 88]
.text ntkrnlpa.exe!KeSetEvent + 2D5 81EE0A58 4 Bytes [20, 26, 41, 88]
.text ...
? System32\drivers\crfnnuj.sys The system cannot find the path specified. !
? system32\DRIVERS\tmcomm.sys The system cannot find the path specified. !
? system32\DRIVERS\tmevtmgr.sys The system cannot find the path specified. !
? system32\DRIVERS\tmactmon.sys The system cannot find the path specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS037A2.log 131072 bytes
---- EOF - GMER 1.0.15 ----
-------------------------------------------------------------------------------------------------
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Mary McCabe at 22:06:03 on 2011-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1363 [GMT -4:00]
.
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mary McCabe\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files\dell datasafe local backup\components\dsupdate" /runas "c:\program files\dell datasafe local backup\components\dsupdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] c:\program files\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\marymc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\marymc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-29 146448]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-24 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2010-2-23 72672]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-24 689472]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2011-1-2 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-29 283152]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-29 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-12-23 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-12-23 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-25 20:10:16 -------- d--h--w- c:\users\mary mccabe\appdata\roaming\Malwarebytes
2011-05-25 20:09:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 20:09:50 -------- d--h--w- c:\programdata\Malwarebytes
2011-05-25 20:09:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 20:09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-24 18:23:53 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8217640d-6aee-4e1d-876e-510d7838ff2a}\mpengine.dll
2011-05-10 21:15:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-26 21:14:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 21:14:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 21:14:11 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 11:49:02 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 11:45:06 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-03-03 11:45:02 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 22:06:46.02 ===============
--------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/24/2009 1:43:33 PM
System Uptime: 5/25/2011 7:14:05 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 149.086 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.059 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP291: 4/14/2011 6:32:52 AM - Windows Update
RP292: 4/14/2011 9:19:32 PM - Scheduled Checkpoint
RP293: 4/15/2011 8:00:13 PM - Windows Update
RP294: 4/19/2011 9:24:09 AM - Windows Update
RP295: 4/22/2011 3:03:16 AM - Windows Update
RP296: 4/24/2011 3:26:31 AM - Scheduled Checkpoint
RP297: 4/25/2011 3:38:41 AM - Scheduled Checkpoint
RP298: 4/25/2011 5:06:10 PM - Windows Update
RP299: 4/26/2011 6:20:58 AM - Windows Update
RP300: 4/26/2011 5:12:03 PM - Windows Update
RP301: 4/27/2011 4:44:40 PM - Windows Update
RP302: 4/29/2011 7:08:17 PM - Windows Update
RP303: 5/3/2011 4:27:40 PM - Windows Update
RP304: 5/6/2011 3:09:39 PM - Windows Update
RP305: 5/10/2011 5:13:03 PM - Windows Update
RP306: 5/13/2011 6:38:04 PM - Windows Update
RP307: 5/13/2011 9:01:46 PM - Windows Update
RP308: 5/17/2011 6:41:19 PM - Windows Update
RP309: 5/20/2011 5:03:49 PM - Windows Update
RP310: 5/21/2011 4:10:27 PM - Scheduled Checkpoint
RP311: 5/24/2011 2:23:22 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Advanced Audio FX Engine
aioprnt
aioscnnr
Bonjour
C4USelfUpdater
center
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Coupon Printer for Windows
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
essentials
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.02.01.0320)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ocr
OGA Notifier 2.0.0048.0
PowerDVD DX
PreReq
PrintMaster 16
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shockwave
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Internet Security Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 4:54:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user MaryMcCabe-PC\Mary McCabe SID (S-1-5-21-3031467444-4087630756-4023183767-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/25/2011 4:41:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/25/2011 4:41:26 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/25/2011 4:41:26 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/25/2011 4:38:44 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2011 4:07:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/25/2011 3:28:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/25/2011 3:12:44 PM, Error: EventLog [6008] - The previous system shutdown at 3:09:02 PM on 5/25/2011 was unexpected.
5/22/2011 5:00:09 PM, Error: EventLog [6008] - The previous system shutdown at 4:58:52 PM on 5/22/2011 was unexpected.
5/22/2011 4:58:52 PM, Error: EventLog [6008] - The previous system shutdown at 4:57:04 PM on 5/22/2011 was unexpected.
.
==== End Of File ===========================
If you could help me in removing this it would be very much appreciated!