Virus? Please Help =(

Lenovo Thinkpad t61p notebook
March 24, 2010 at 19:43:36
Specs: Windows 7
Sometimes when I am browsing, clicking on a link doesn't open the link but opens another window that directs me to ads. I also get a popup window that looks like this:

Your browser is under the threat of infection. Windows requires your permission to install online protection tool. Your browser is run in unsafe mode. Running the protection mode will help you to keep your computer safe. Staying at the suspicious website in unsafe mode may lead to the loss of personal data and computer breakage. To run the web browser in protected mode Windows requires installing the certified antivirus scanner software and online protection tool.
Name: Online Protection Tool
Publisher: Microsoft Windows

I have scanned with avast antivirus. I downloaded MalwareBytes and scanned with it, but I cannot update it. I also cannot use Windows Update. Even the Windows Update site cannot be accessed through Chrome or IE. I tried using Trend Micro HouseCall, but it stops for a while at 48% when checking for component updates and then gives an error:

Unable to complete the download. Please ensure you have Internet connection and try again. (E:1034046995:0)

edited by moderator: HJT Log deleted




#1
March 25, 2010 at 00:57:59
Certainly don't install the Online Protection Tool, it's almost certainly bogus. You can download & install the updates manually from MajorGeeks.com, under their 'spyware' section. Then try running Malwarebytes again, you may need to restart & do it in safe mode.

"I've always been mad, I know I've been mad, like the most of us..."



#2
March 25, 2010 at 09:31:20
Unfortunately the file is hosted on the Malwarebytes site, which doesn't load on my computer just like Windows Update doesn't. I had to download Malwarebytes software from download.com. So unless the definitions are hosted somewhere else too I don't think I can access it.


#3
March 25, 2010 at 13:01:32
Is your Windows 7 system 32- or 64-bit?

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#4
March 25, 2010 at 16:39:03
The OS is 64 Bit Windows 7 Professional.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Greg at 16:34:14.71 on Thu 03/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional
6.1.7600.0.1252.1.1033.18.4030.2302 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Greg\AppData\Local\Temp\HouseCall\housecall.bin
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
L:\Greg\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
uRun: [Google Update] "c:\users\greg\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [PWMTRV] rundll32 c:\progra~2\thinkpad\utilit~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [nwiz] nwiz.exe /install
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TpShocks] TpShocks.exe
mRun-x64: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun-x64: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

============= SERVICES / DRIVERS ===============

R0 DzHDD64;DzHDD64;c:\windows\system32\drivers\DZHDD64.SYS [2010-3-23 30320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM64.sys [2009-10-9 23592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-23 121936]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiifx64.sys [2010-3-23 15400]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-23 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-23 63568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 40384]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\thinkpad\utilities\DZSVC64.EXE [2010-3-23 161128]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-3-23 54632]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-19 4908576]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 13840]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-3-23 63928]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-3-23 44984]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 40384]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-3-23 1038088]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys [2010-3-23 271640]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2010-3-23 327704]
S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\drivers\lvuvc64.sys [2010-3-23 6379288]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2009-9-26 174424]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4924336]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\thinkpad\utilities\PWMDBSVC.exe [2010-3-23 75112]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2010-3-23 290816]

=============== Created Last 30 ================

2010-03-25 22:53:59 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-03-25 22:53:44 0 d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-03-25 04:16:27 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-25 04:16:23 0 d-----w- c:\users\greg\appdata\roaming\SUPERAntiSpyware.com
2010-03-25 04:16:23 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-03-24 22:04:34 0 d-----w- c:\users\greg\appdata\roaming\Malwarebytes
2010-03-24 22:04:29 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 22:04:29 0 d-----w- c:\programdata\Malwarebytes
2010-03-24 22:04:29 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-03-24 02:44:48 2414360 ----a-w- c:\windows\syswow64\d3dx9_31.dll
2010-03-24 02:44:48 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-03-24 02:44:41 0 d-----w- c:\program files (x86)\Winamp Detect
2010-03-24 02:44:37 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-03-24 02:13:16 0 d-----w- c:\program files (x86)\Audacity
2010-03-24 01:37:03 0 d-----w- c:\users\greg\appdata\roaming\.purple
2010-03-24 01:36:26 0 d-----w- c:\program files (x86)\Pidgin
2010-03-24 01:36:23 0 d-----w- c:\program files (x86)\common files\GTK
2010-03-24 01:34:07 0 d-----w- c:\program files\common files\LogiShrd
2010-03-24 01:31:22 0 d-----r- c:\program files (x86)\Skype
2010-03-24 01:31:17 0 d-----w- c:\programdata\Skype
2010-03-24 01:28:59 0 d-----w- c:\program files (x86)\Burrrn
2010-03-24 01:22:43 0 d-----w- c:\programdata\FLEXnet
2010-03-24 01:21:23 0 d-----w- c:\program files\Adobe
2010-03-24 01:20:06 0 d-----w- c:\programdata\ALM
2010-03-24 01:09:51 0 d-----w- c:\windows\syswow64\spool
2010-03-24 01:09:41 0 d-----w- c:\programdata\Adobe
2010-03-24 01:09:12 0 d-----w- c:\program files\common files\Macrovision Shared
2010-03-24 01:09:11 0 d-----w- c:\program files\common files\Adobe
2010-03-24 01:07:26 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-03-24 00:58:31 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-24 00:58:23 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-03-24 00:58:02 0 d-----w- c:\users\greg\appdata\roaming\DAEMON Tools Lite
2010-03-24 00:58:00 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-03-24 00:52:58 0 d-----w- c:\windows\syswow64\Macromed
2010-03-24 00:49:16 0 d-----w- c:\windows\system32\appmgmt
2010-03-24 00:46:15 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-03-24 00:46:14 0 d-----w- c:\program files\common files\DESIGNER
2010-03-24 00:46:05 0 d-----w- c:\windows\PCHEALTH
2010-03-24 00:46:05 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-24 00:44:06 0 d-----w- c:\program files\Microsoft Analysis Services
2010-03-24 00:44:06 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-03-24 00:44:03 0 d-----w- c:\windows\SHELLNEW
2010-03-24 00:43:47 0 d-----w- c:\programdata\Microsoft Help
2010-03-24 00:43:47 0 d-----w- c:\program files\Microsoft Office
2010-03-24 00:41:58 290816 ----a-w- c:\windows\system32\PuranDefragS.exe
2010-03-24 00:41:58 276480 ----a-w- c:\windows\system32\PuranDC.exe
2010-03-24 00:41:58 270336 ----a-w- c:\windows\system32\PuranDefrag.dll
2010-03-24 00:41:58 1417216 ----a-w- c:\windows\system32\PuranFD.exe
2010-03-24 00:41:58 129536 ----a-w- c:\windows\system32\PuranDefragBT.exe
2010-03-24 00:41:57 0 d-----w- c:\program files\Puran Defrag
2010-03-24 00:39:15 0 d-----w- c:\users\greg\appdata\roaming\TrueCrypt
2010-03-24 00:36:46 190464 ----a-w- c:\windows\system32\unrar.dll
2010-03-24 00:36:46 100352 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-24 00:36:45 0 d-----w- c:\program files\KLCP64
2010-03-24 00:32:51 0 d-----w- c:\users\greg\appdata\roaming\Dropbox
2010-03-24 00:32:40 0 d-----w- c:\program files (x86)\CCleaner
2010-03-24 00:32:14 0 d-----w- c:\programdata\TrueCrypt
2010-03-24 00:32:13 0 d-----w- c:\program files (x86)\TrueCrypt
2010-03-24 00:31:51 0 d-----w- c:\program files\7-Zip
2010-03-24 00:31:25 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-24 00:31:25 0 ----a-w- c:\windows\syswow64\config.nt
2010-03-24 00:31:12 38848 ----a-w- c:\windows\syswow64\avastSS.scr
2010-03-24 00:31:12 153184 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-03-24 00:31:10 0 d-----w- c:\programdata\Alwil Software
2010-03-24 00:31:10 0 d-----w- c:\program files\Alwil Software
2010-03-23 22:36:19 45928 ----a-w- c:\windows\system32\ibmpmsvc.exe
2010-03-23 22:36:19 38760 ----a-w- c:\windows\system32\tpinspm.dll
2010-03-23 22:36:19 32880 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2010-03-23 22:19:46 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-03-23 22:19:44 825704 ----a-w- c:\windows\system32\PWMCP64V.cpl
2010-03-23 22:19:44 30320 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2010-03-23 22:19:44 13104 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2010-03-23 22:09:25 227004 --sh--r- C:\AIHDX
2010-03-23 22:09:25 20 --sh--r- C:\winx.ld
2010-03-23 21:56:29 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-03-23 21:56:29 62976 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2010-03-23 21:56:29 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2010-03-23 21:56:29 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2010-03-23 21:56:29 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-03-23 21:42:24 0 d-----w- c:\program files\Lenovo
2010-03-23 21:42:24 0 d-----w- c:\program files (x86)\Lenovo
2010-03-23 21:42:12 15400 ----a-w- c:\windows\system32\drivers\smiifx64.sys
2010-03-23 21:41:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-03-23 21:41:45 0 d-----w- c:\program files\Synaptics
2010-03-23 21:41:26 300080 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-03-23 21:41:26 207144 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-03-23 21:41:26 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-03-23 21:41:26 107816 ----a-w- c:\windows\syswow64\SynTPCOM.dll
2010-03-23 21:41:25 396584 ----a-w- c:\windows\system32\SynCOM.dll
2010-03-23 21:41:25 263464 ----a-w- c:\windows\system32\SynCtrl.dll
2010-03-23 21:41:25 206120 ----a-w- c:\windows\syswow64\SynCtrl.dll
2010-03-23 21:41:25 173352 ----a-w- c:\windows\syswow64\SynCOM.dll
2010-03-23 21:41:05 0 d-----w- c:\windows\Downloaded Installations
2010-03-23 21:40:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_tcwbf_01_09_00.Wdf
2010-03-23 21:40:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-03-23 21:40:51 0 d-----w- c:\program files\Protector Suite
2010-03-23 21:40:45 0 d-----w- c:\program files\common files\SPBA
2010-03-23 21:40:44 0 d-----w- c:\program files\ThinkVantage Fingerprint Software
2010-03-23 21:40:44 0 d-----w- c:\program files (x86)\common files\SPBA
2010-03-23 21:40:19 0 d-----w- C:\SWTOOLS
2010-03-23 21:39:57 0 d-----w- c:\program files\ThinkPad
2010-03-23 21:39:57 0 d-----w- c:\program files (x86)\ThinkPad
2010-03-23 21:38:59 32768 ----a-w- c:\windows\syswow64\adidrm.dll
2010-03-23 21:38:49 0 d-----w- c:\program files (x86)\Analog Devices
2010-03-23 21:38:25 56320 ----a-w- c:\windows\system32\AEADIAPR.dll
2010-03-23 21:38:25 497152 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2010-03-23 21:38:25 428544 ----a-w- c:\windows\system32\AEADIExt.dll
2010-03-23 21:38:25 41472 ----a-w- c:\windows\system32\SmaxCo.dll
2010-03-23 21:38:25 32768 ----a-w- c:\windows\system32\adidrm.dll
2010-03-23 21:38:25 161280 ----a-w- c:\windows\system32\AEADIAPO.dll
2010-03-23 21:38:25 111616 ----a-w- c:\windows\system32\AEADISRV.EXE
2010-03-23 21:37:35 0 d-----w- c:\programdata\NVIDIA
2010-03-23 21:35:17 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-23 21:33:58 542824 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-23 21:30:04 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-03-23 21:29:53 0 d-----w- C:\Intel
2010-03-23 21:29:48 0 d-----w- C:\DRIVERS
2010-03-23 21:24:37 0 d-----w- c:\windows\Panther
2010-03-23 21:24:24 8192 --sha-r- C:\BOOTSECT.BAK
2010-03-23 21:24:22 383562 --sha-r- C:\bootmgr
2010-03-23 21:24:22 0 d-sh--w- C:\Boot
2010-03-23 21:19:39 0 d-----w- c:\program files\Microsoft Games
2010-03-23 21:04:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M ====================

2010-03-24 01:34:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:34:41.01 ===============

Sorry I don't know how to attach a file to this post, so I pasted the Attach.txt here, hope that is okay.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2010 1:45:12 PM
System Uptime: 3/25/2010 3:44:08 PM (1 hours ago)

Motherboard: LENOVO | | 6462CTO
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 40 GiB total, 15.949 GiB free.
D: is CDROM ()
L: is FIXED (NTFS) - 53 GiB total, 51.74 GiB free.
V: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Production Premium
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Audacity 1.2.6
avast! Free Antivirus
CCleaner
Connect
Dropbox
Google Chrome
GTK+ Runtime 2.14.7 rev a (remove only)
HijackThis 2.0.2
kuler
Logitech High Quality Video
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
PDF Settings CS4
Photoshop Camera Raw
Pidgin
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Security Update for CAPICOM (KB931906)
Skype™ 4.2
SoundMAX
Suite Shared Configuration CS4
ThinkPad Power Manager
TrueCrypt
Winamp
Winamp Detector Plug-in

==== Event Viewer Messages From Past Week ========

3/24/2010 3:18:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/24/2010 10:30:18 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
3/24/2010 10:30:18 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
3/24/2010 10:30:18 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/24/2010 10:30:18 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/24/2010 10:13:42 PM, Error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: This driver has been blocked from loading
3/24/2010 10:13:42 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/24/2010 10:13:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
3/23/2010 9:52:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/23/2010 6:25:01 PM, Error: Ntfs [137] - The default transaction resource manager on volume Z: encountered a non-retryable error and could not start. The data contains the error code.
3/23/2010 6:02:49 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
3/23/2010 5:41:59 PM, Error: Service Control Manager [7030] - The PuranDefrag service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/23/2010 3:36:37 PM, Error: Service Control Manager [7030] - The ThinkPad PM Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/23/2010 3:20:54 PM, Error: Service Control Manager [7030] - The Lenovo Doze Mode Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================


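A DDS report is plain text, so the parts a helper looks at first can be triaged mechanically rather than by eye. The script below is an added example (not from the thread and not DDS's own tooling): it parses the mPolicies-system lines and the file entries from an excerpt copied out of the log above, reports UAC values that differ from the Windows 7 defaults, and lists hidden+system files sitting in a drive root other than the standard boot files, for manual review. The attribute-column layout is an assumption inferred from the log's own entries, and the default UAC values are from my own knowledge of Windows 7, not from the post.

```python
import re

# Constructed excerpt, copied verbatim from the DDS log posted above (the
# mPolicies-system lines and a few "Created Last 30" entries). DDS file lines
# are: timestamp, size in bytes, an 8-character attribute column, path.
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
2010-03-24 00:58:31 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-23 22:09:25 227004 --sh--r- C:\AIHDX
2010-03-23 22:09:25 20 --sh--r- C:\winx.ld
2010-03-23 21:24:24 8192 --sha-r- C:\BOOTSECT.BAK
2010-03-23 21:24:22 383562 --sha-r- C:\bootmgr
2010-03-23 21:24:22 0 d-sh--w- C:\Boot
"""

# Windows 7 out-of-the-box UAC values (HKLM\...\Policies\System). Any other
# value means UAC was turned down, whether by the user or by something else.
EXPECTED_UAC = {
    "EnableLUA": 1,                   # 0 = UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, never prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts can be driven by other software
}

# Files that legitimately sit hidden+system in the root of the boot volume.
KNOWN_ROOT_BOOT_FILES = {"bootmgr", "bootsect.bak"}

POLICY_LINE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-dshawr]{8})\s+(.+?)\s*$"
)
ROOT_PATH = re.compile(r"[A-Za-z]:\\[^\\]+")  # e.g. C:\AIHDX, nothing deeper


def parse_dds(text):
    """Return ({policy name: int value}, [file entry dicts]) from DDS output."""
    policies, files = {}, []
    for line in text.splitlines():
        m = POLICY_LINE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
            continue
        m = FILE_LINE.match(line)
        if m:
            files.append({"when": m.group(1), "size": int(m.group(2)),
                          "attrs": m.group(3), "path": m.group(4)})
    return policies, files


def uac_findings(policies):
    """One finding per UAC value that deviates from the Windows 7 default."""
    return [
        f"UAC setting {name} = {policies[name]} (Windows 7 default is {default})"
        for name, default in EXPECTED_UAC.items()
        if name in policies and policies[name] != default
    ]


def hidden_root_findings(files):
    """Flag non-directory entries that are hidden+system in a drive root and are
    not a known boot file. Attribute positions (assumption, inferred from the
    log's own entries): [0] = d(irectory), [2] = s(ystem), [3] = h(idden)."""
    out = []
    for f in files:
        attrs, path = f["attrs"], f["path"]
        is_dir = attrs[0] == "d"
        hidden_system = attrs[2] == "s" and attrs[3] == "h"
        name = path.rsplit("\\", 1)[-1].lower()
        if (not is_dir and hidden_system and ROOT_PATH.fullmatch(path)
                and name not in KNOWN_ROOT_BOOT_FILES):
            out.append(f"Review hidden+system file in drive root: {path} "
                       f"({f['size']} bytes, created {f['when']})")
    return out


def triage(text):
    """All findings for one DDS report, UAC first, then file entries."""
    policies, files = parse_dds(text)
    return uac_findings(policies) + hidden_root_findings(files)


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run against the excerpt it prints three UAC deviations and two root files to look at; `bootmgr`, `BOOTSECT.BAK` and the `Boot` directory are skipped. A finding is a prompt to investigate (hash the file, check its signer, compare with a clean install), not a verdict on its own.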

#5
March 25, 2010 at 16:44:21
None of the computers at my apartment using the internet can access Windows Update or MalwareBytes. We use comcast cable internet, and I don't remember the router model off the top of my head. However, I used to be able to download updates for Windows before, including last month.

Using wifi at Starbucks, I can access Windows update. I am currently updating.

After updating windows and scanning with updated MalwareBytes (found nothing), I went back home. I didn't see any popups or have any redirection issues while at starbucks, but now that I am home I am seeing it again.



#6
March 25, 2010 at 18:54:56
It's most likely the router that is infected; it will have to be reset. Get the make and model off of the router and go online to find out how to reset it.

Would be nice to know if that was the problem...an old version of the redirect would infect routers.


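The observation in #5 (the same laptop updates fine on another network and shows no popups there) is what makes #6's router diagnosis plausible: a router that hands out a bad DNS server, or answers DNS itself with bad data, can block update sites and steer clicks for every machine behind it. The script below is an added example, not from the thread: it sends a raw DNS query to one specific resolver (the address your DHCP lease lists as DNS server, usually the router itself) and to a reference resolver you trust, then compares the answers. The hostnames in SECURITY_DOMAINS are my assumptions chosen to match the services named above; the router and reference addresses in the usage note are placeholders.

```python
import random
import socket
import struct

# Hostnames standing in for the services the thread says were unreachable at
# home (assumption: chosen to match Windows Update, Malwarebytes and HouseCall).
SECURITY_DOMAINS = ["download.windowsupdate.com", "update.microsoft.com",
                    "www.malwarebytes.org", "housecall.trendmicro.com"]


def build_query(name, txid):
    """Minimal DNS A-record query in RFC 1035 wire format, recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(pkt, off):
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes end the name
            return off + 2
        off += 1 + length


def parse_a_records(pkt, txid):
    """Return (rcode, set of IPv4 strings) from a DNS response to our query."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: stray or forged reply")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.add(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return flags & 0xF, ips


def build_response(query, ips, rcode=0):
    """Constructed reply for offline testing: echo the question, one A record per IP."""
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    answers = b"".join(struct.pack(">HHHIH", 0xC00C, 1, 1, 60, 4)
                       + bytes(int(o) for o in ip.split(".")) for ip in ips)
    return header + query[12:] + answers


def resolve(name, server, timeout=2.0):
    """Ask one specific resolver (bypassing the OS stub resolver) for A records."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return 2, set()  # no answer at all: treat like SERVFAIL
    return parse_a_records(data, txid)


def assess(router, reference):
    """router, reference: {name: (rcode, ips)}. Returns {name: verdict}."""
    verdicts = {}
    for name, (r_rcode, r_ips) in router.items():
        f_rcode, f_ips = reference.get(name, (0, set()))
        if r_rcode != 0 and f_rcode == 0:
            verdicts[name] = f"blocked: router resolver returned rcode {r_rcode}, reference resolved it"
        elif r_ips and f_ips and r_ips.isdisjoint(f_ips):
            verdicts[name] = "differs from reference (may be CDN geo-steering; check who owns the address)"
        else:
            verdicts[name] = "consistent"
    # Strongest signal: one address answering for several unrelated security domains.
    seen = {}
    for name, (_, ips) in router.items():
        for ip in ips:
            seen.setdefault(ip, set()).add(name)
    for ip, names in seen.items():
        if len(names) >= 3:
            for name in names:
                verdicts[name] = f"sinkholed: {ip} answers for {len(names)} security domains"
    return verdicts


def run_check(router_dns, reference_dns, names=SECURITY_DOMAINS):
    """Live comparison; router_dns is the DNS server your DHCP lease hands out."""
    router = {n: resolve(n, router_dns) for n in names}
    reference = {n: resolve(n, reference_dns) for n in names}
    return assess(router, reference)


if __name__ == "__main__":
    import sys
    for name, verdict in run_check(sys.argv[1], sys.argv[2]).items():
        print(f"{name}: {verdict}")
```

Usage is `python dnscheck.py <router address> <reference resolver>`, with the router address taken from `ipconfig /all` on the affected machine and a public resolver you trust as the reference. An NXDOMAIN or SERVFAIL from the router for a name the reference resolves, or a single address answering for several unrelated security vendors, is the signature of a hijacked resolver; a plain difference in addresses is often just CDN steering and needs a whois lookup before drawing conclusions. Running the check again after the reset that #6 recommends is the quickest way to confirm the fix took, and the trick described in #5 (the same laptop on a different network) is the manual version of the same comparison.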
