I scanned initially using MBA-M. It an infection but it was unable to get rid of it. I attached the following logs as requested. GMER did not post initial scan log. I tried twice.
Nothing was found by MS malicious software. Nothing was found by MS security essentials. I was able to run ATF cleaner.
Thanks....
GMER Log 2:(no log 1)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-15 15:56:05
Windows 6.0.6001 Service Pack 1
Running: scyh6icx.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MMDONK2\01[4].htm 0 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYT6ELL1\dref=http%253A%252F%252Fwww.gossipcenter[1].com%252Fmovie_news 1023 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYT6ELL1\gossipcenter[2].htm 867 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYT6ELL1\sandbox[4].php 9743 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0XS5GUE\detect[1].act 267 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0XS5GUE\gossipcenter[2].htm 867 bytes
---- EOF - GMER 1.0.15 ----
DDS Log 1:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088
Run by Babs at 15:57:10 on 2011-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4028.2335 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\IgrsSvcs.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.live.com/
mStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com/
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
uWinlogon: Shell=C:\Users\Babs\AppData\Local\cc5a6bd3\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
mRun: [VeriFaceManager] "C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{A11B29D4-462A-4553-80AD-4AC3BF353147} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO-X64: 0x1 - No File
TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
mRun-x64: [VeriFaceManager] "C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Babs\AppData\Roaming\Mozilla\Firefox\Profiles\u0t4854i.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: C:\Users\Babs\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: fireform: fireform@mozilla.org - %profile%\extensions\fireform@mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 funfrm;funfrm;C:\Windows\system32\drivers\funfrm.sys --> C:\Windows\system32\drivers\funfrm.sys [?]
R1 LenovoVCD;LenovoVCD;C:\Windows\SysWOW64\drivers\LenovoVCD.sys [2009-7-6 20296]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 DDNIMSGService;DDNIMSGService;C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-1-17 171872]
R2 DDNIService;DDNIService;C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [2009-6-11 163680]
R2 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2008-2-14 32768]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\Windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\Windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2009-6-11 434176]
R2 tvtumon;tvtumon;C:\Windows\system32\DRIVERS\tvtumon.sys --> C:\Windows\system32\DRIVERS\tvtumon.sys [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys --> C:\Windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 usbsmi;Lenovo EasyCamera;C:\Windows\system32\DRIVERS\SMIksdrv.sys --> C:\Windows\system32\DRIVERS\SMIksdrv.sys [?]
R3 wdmirror;wdmirror;C:\Windows\system32\DRIVERS\WDMirror.sys --> C:\Windows\system32\DRIVERS\WDMirror.sys [?]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Bridge0;Bridge0;C:\Windows\system32\drivers\WDBridge.sys --> C:\Windows\system32\drivers\WDBridge.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-3 93184]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-7-6 379968]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-7-6 412736]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys --> C:\Windows\system32\drivers\WSVD.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-15 17:35:22 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3D6D195-9784-4566-9E05-F66829E07E5A}\offreg.dll
2011-10-14 20:16:01 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3D6D195-9784-4566-9E05-F66829E07E5A}\mpengine.dll
2011-10-11 20:58:36 5632 --sha-w- C:\Users\Babs\wevtapi.dll
2011-10-11 20:58:36 192512 ----a-w- C:\Users\Babs\taskmgr.exe
2011-10-11 20:58:34 -------- d-sh--w- C:\Users\Babs\AppData\Local\cc5a6bd3
2011-10-11 17:07:53 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A4647E0-EDDD-451E-8094-15DC6CB4108D}\gapaengine.dll
.
==================== Find3M ====================
.
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:57:34.34 ===============
Attach Log 1:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/6/2009 6:54:32 PM
System Uptime: 10/15/2011 1:34:39 PM (2 hours ago)
.
Motherboard: LENOVO | | KIWA7
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 253 GiB total, 178.299 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 28.926 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.0.1
Big Fish Games: Game Manager
Big Kahuna Reef
Broadcom WLAN
Business Contact Manager for Outlook 2007 SP2
DIBS
EasyCapture
Energy Management
Escape Rosecliff Island
Facebook Plug-In
Hidden Expedition Titanic (remove only)
Hidden Expedition: Everest ™
Hidden Wonders of the Depths
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Lenovo EasyCamera
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo OneKey Recovery
Lenovo ReadyComm 5.0
Lenovo ReadyComm 5.0 Service
Lenovo System Repair - Windows Update Monitor
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.15)
Mystery Case Files®: Dire Grove™ Collector's Edition
Mystery Case Files: Ravenhearst ®
Mystery Case Files: Return to Ravenhearst ™
Power2Go
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WildGames
Windows Live Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/8/2011 10:26:57 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/8/2011 10:26:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
10/8/2011 10:26:10 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
10/15/2011 8:47:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/12/2011 1:17:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.113.1508.0).
10/12/2011 1:16:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1445.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070643 Error description: Fatal error during installation.
10/11/2011 9:50:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 002100FB24DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/11/2011 7:54:17 PM, Error: EventLog [6008] - The previous system shutdown at 7:51:14 PM on 10/11/2011 was unexpected.
10/10/2011 11:32:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
.
==== End Of File ===========================
MBA-M log:(it would not get rid of the infected nasty:(
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7954
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088
10/15/2011 1:33:58 PM
mbam-log-2011-10-15 (13-33-58).txt
Scan type: Full scan (C:\|)
Objects scanned: 312624
Time elapsed: 44 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)