Inactive General trouble - 8 steps conducted


xaetium

Browser redirects search engine results to random sites, occasional blue screen, seemingly at random, sometimes the desktop changes into something horrendous and I cannot run any program. The latter has been fixed with a restore to a previous version, after which I ran your 8-step program and here is the result:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 26/10/2007 2.17.24 am
System Uptime: 15/03/2011 1.47.55 pm (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | F5VL
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | CPU 1 | 996/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 7.715 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 2.557 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1301: 12/03/2011 11.34.32 am - Scheduled Checkpoint
RP1302: 12/03/2011 2.19.23 pm - avast! Free Antivirus Setup
RP1303: 14/03/2011 12.15.46 am - Removed Bonjour
RP1304: 14/03/2011 12.17.52 am - Removed Apple Mobile Device Support
RP1305: 14/03/2011 6.56.25 pm - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4oD
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.6
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Uninstaller
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
avast! Free Antivirus
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin Bluetooth Software
Bing Bar
Bing Bar Platform
Bingo Cafe UK
BitDefender Antivirus 2008
Bonjour
BroadJump Client Foundation
BT Broadband Desktop Help
BT Broadband Support Tools
BT Yahoo! Applications
BTHomeHub
Burn4Free CD & DVD 4.9.0.0
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
D3DX10
DivX Setup
Download Updater (AOL LLC)
DVD Region+CSS Free 5.9.8.3
Easy DVD Player 2.0
Error Fix
FLAC 1.2.1b (remove only)
Free Audio Editor
Google Calendar Sync
Google Chrome
Google Talk (remove only)
Google Update Helper
GoToAssist Corporate
Hardware Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperMediaCenter
Instant CD & DVD Burner
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 5.0.0 (Full)
L&H TTS3000 British English
LG USB Modem Driver
LifeFrame2
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MCCI(r)Firmware Update Driver for MTK
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
OGA Notifier 2.0.0048.0
PdaNet for Android 2.41
PDF Settings
PEAK DVB-T Drivers
Power4Gear eXtreme
PowerForPhone
PowerISO
QuickTime
RealPlayer
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RioDVD Region Free Player
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sibelius 5
Sibelius Scorch (Firefox, Opera, Netscape only)
Skins
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
Spotify
Synaptics Pointing Device Driver
The Extractor
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
USB2.0 1.3M WebCam
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.1
Vodafone Mobile Connect Lite Huawei
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 2
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
15/03/2011 1.52.53 pm, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
15/03/2011 1.50.34 pm, Error: Service Control Manager [7022] - The KService service hung on starting.
15/03/2011 1.49.56 pm, Error: Service Control Manager [7000] - The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.
15/03/2011 1.46.46 pm, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
15/03/2011 1.11.27 pm, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
15/03/2011 1.00.17 pm, Error: EventLog [6008] - The previous system shutdown at 12:58:26 on 15/03/2011 was unexpected.
.
==== End Of File ===========================
 
Welcome to TechSpot! There was a slight delay in getting your post through. You can now post the additional logs. That will be the other DDS log titled DDS.txt, GMER and Malwarebytes, as well as completing the additional steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I will review the logs when they have all been submitted.

Please do not start another thread due to the delay. Leave all logs and descriptions about the redirect on this thread.

Please do not do another System Restore while I am helping you. At this point, I cannot determine whether the BSOD or desktop problem is malware-related.
 
separate logs

I had in fact put these in, but for some reason they didn't show up. Here you are, with them separately. I also already did the 8 steps.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6064

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

15/03/2011 1.44.40 pm
mbam-log-2011-03-15 (13-44-40).txt

Scan type: Quick scan
Objects scanned: 175578
Time elapsed: 14 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 53
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.ClientDetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.ClientDetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.UserProfiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.UserProfiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Paul\AppData\Roaming\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Paul\AppData\Roaming\error fix\Logs\2009-07-16 13-33-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\definitions.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\error fix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\error fix.url (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\privacy.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\startup.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix help.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix on the web.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-15 14:19:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: t70mlizy.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxlyrpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916F98DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:260] 869F0E84
Thread System [4:264] 869F3084

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Paul at 14.22.36.22 on 15/03/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.892 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe -kbdx
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Paul\Desktop\cleaning\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.asus.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TaskTray]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -

c:\users\paul\appdata\roaming\mozilla\firefox\profiles\t0dqjjmy.defaul

t\
FF - prefs.js: browser.search.defaulturl -

hxxp://slirsredirect.search.aol.com/slirs_http/sredir?

sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL -

hxxp://slirsredirect.search.aol.com/slirs_http/sredir?

sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39

\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla

firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint media

player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program

files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-

3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -

c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -

c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -

c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -

c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -

c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-

ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-

80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-

4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web

player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} -

c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-

80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-

08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-10

371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-10

301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3

-10 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

[2011-3-10 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast

software\avast\AvastSvc.exe [2011-3-10 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32

\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32

\StkCSrv.exe [2007-2-7 24576]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32

\Wacom_Tablet.exe [2010-5-24 5010288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program

files\viewpoint\common\ViewpointService.exe [2009-6-14 24652]
R2 VMCService;Vodafone Mobile Connect Service;c:\program

files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13

24576]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010

-5-9 9472]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32

\drivers\StkCMini.sys [2007-2-13 1245056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319

\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program

files\google\update\GoogleUpdate.exe [2010-5-5 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2071-07-25 09:13:30 203576 ------w- c:\program

files\microsoft games\age of empires iii\autopatcher2.exe
2011-03-15 13:27:50 -------- d-----w-

c:\users\paul\appdata\roaming\Malwarebytes
2011-03-15 13:27:23 38224 ----a-w- c:\windows\system32

\drivers\mbamswissarmy.sys
2011-03-15 13:27:17 -------- d-----w- c:\progra~2

\Malwarebytes
2011-03-15 13:27:10 -------- d-----w- c:\program

files\Malwarebytes' Anti-Malware
2011-03-14 18:58:27 5943120 ----a-w- c:\progra~2

\microsoft\windows defender\definition updates\{2cb280aa-e8df-463c-

931e-d1183cbbba70}\mpengine.dll
2011-03-14 12:25:08 -------- d-----w- c:\program

files\Spybot - Search & Destroy
2011-03-14 12:25:08 -------- d-----w- c:\progra~2

\Spybot - Search & Destroy
2011-03-14 12:18:34 -------- dc----w- c:\progra~2

\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-13 20:08:22 -------- d-----w- c:\progra~2

\pEgMjLh12800
2011-03-11 16:31:48 -------- d--h--w- c:\progra~2

\Common Files
2011-03-11 16:27:44 -------- d-----w- c:\progra~2

\AVG10
2011-03-11 16:24:30 -------- d-----w- c:\program

files\AVG
2011-03-11 16:05:59 -------- d-----w- c:\progra~2

\MFAData
2011-03-10 17:39:56 371544 ----a-w- c:\windows\system32

\drivers\aswSnx.sys
2011-03-10 17:39:55 53592 ----a-w- c:\windows\system32

\drivers\aswMonFlt.sys
2011-03-10 17:37:40 40648 ----a-w- c:\windows\avastSS.scr
2011-03-10 17:37:18 -------- d-----w- c:\program

files\AVAST Software
2011-03-10 17:37:18 -------- d-----w- c:\progra~2

\AVAST Software
2011-03-09 08:46:14 -------- d-----w- c:\windows\en
2011-03-09 03:48:13 429056 ----a-w- c:\windows\system32

\EncDec.dll
2011-03-09 03:48:13 322560 ----a-w- c:\windows\system32

\sbe.dll
2011-03-09 03:48:13 177664 ----a-w- c:\windows\system32

\mpg2splt.ax
2011-03-09 03:48:13 153088 ----a-w- c:\windows\system32

\sbeio.dll
2011-03-09 03:48:11 2067968 ----a-w- c:\windows\system32

\mstscax.dll
2011-03-09 03:48:10 677888 ----a-w- c:\windows\system32

\mstsc.exe
2011-02-28 10:54:00 -------- d-----w-

c:\users\paul\appdata\local\DDMSettings
2011-02-23 03:02:09 2048 ----a-w- c:\windows\system32

\winrsmgr.dll
2011-02-13 21:46:42 -------- d-----w- c:\program

files\MSN Toolbar
2011-02-13 21:45:55 -------- d-----w- c:\program

files\Bing Bar Installer
2011-02-13 21:45:39 69464 ----a-w- c:\windows\system32

\XAPOFX1_3.dll
2011-02-13 21:45:39 515416 ----a-w- c:\windows\system32

\XAudio2_5.dll
2011-02-13 21:45:39 453456 ----a-w- c:\windows\system32

\d3dx10_42.dll
2011-02-13 18:07:13 469256 ----a-w- c:\program

files\common files\windows

live\.cache\d573f7921cbcba82b\InstallManager_WLE_WLE.exe
2011-02-13 18:06:08 15712 ----a-w- c:\program

files\common files\windows

live\.cache\b01039071cbcba81f\MeshBetaRemover.exe
2011-02-13 18:05:12 94040 ----a-w- c:\program

files\common files\windows live\.cache\8e729ba01cbcba818\DSETUP.dll
2011-02-13 18:05:12 525656 ----a-w- c:\program

files\common files\windows live\.cache\8e729ba01cbcba818\DXSETUP.exe
2011-02-13 18:05:12 1691480 ----a-w- c:\program

files\common files\windows live\.cache\8e729ba01cbcba818\dsetup32.dll
2011-02-13 18:05:10 94040 ----a-w- c:\program

files\common files\windows live\.cache\8bf4224f1cbcba817\DSETUP.dll
2011-02-13 18:05:10 525656 ----a-w- c:\program

files\common files\windows live\.cache\8bf4224f1cbcba817\DXSETUP.exe
2011-02-13 18:05:10 1691480 ----a-w- c:\program

files\common files\windows live\.cache\8bf4224f1cbcba817\dsetup32.dll
2011-02-13 18:02:30 -------- d-----w-

c:\users\paul\appdata\local\Windows Live
2011-02-13 18:01:11 754688 ----a-w- c:\windows\system32

\webservices.dll
.
==================== Find3M ====================
.
2011-03-15 14:25:07 81984 ----a-w- c:\windows\system32

\bdod.bin
2011-03-15 13:48:48 45056 ----a-w- c:\windows\system32

\acovcnt.exe
2011-02-02 17:11:20 222080 ------w- c:\windows\system32

\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32

\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32

\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32

\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32

\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32

\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32

\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32

\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32

\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32

\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32

\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32

\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32

\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32

\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32

\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32

\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32

\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32

\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32

\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32

\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32

\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32

\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32

\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32

\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32

\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32

\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32

\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32

\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32

\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32

\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32

\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32

\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32

\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32

\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32

\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32

\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32

\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32

\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32

\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32

\mshtml.tlb
.
============= FINISH: 14.27.01.69 ===============
 
I apologize for the extra trouble, but I'd like you to post the logs again: When you open Notepad for a log, click on Format> Uncheck 'Word Wrap'> then continue with the log. It is very difficult to read the entries when they wrap on 3 or 4 lines.

The logs can be found here:
Mbam>> C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
GMER>> gmer.log
DDS>> 2 logs>> DDS.txt and .Attach.txt

Click anywhere on the log screen> Ctrl A (this will highlight)> Ctrl C (this will copy)> Open Notepad> Uncheck Word Wrap> Ctrl V (this will paste the log in Notepad.) and it will format correctly. You then paste the formatted log from Notepad into your reply.

Here's an example of the difference: Your entry with Word Wrap on:
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-

784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
How it should show:
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

If I have to put each entry together like this, I might not get finished!
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6064

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

15/03/2011 1.44.40 pm
mbam-log-2011-03-15 (13-44-40).txt

Scan type: Quick scan
Objects scanned: 175578
Time elapsed: 14 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 53
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.ClientDetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.ClientDetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.UserProfiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ZangoAX.UserProfiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Paul\AppData\Roaming\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Paul\AppData\Roaming\error fix\Logs\2009-07-16 13-33-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Paul\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\definitions.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\error fix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\error fix.url (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\privacy.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files\error fix\startup.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix help.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix on the web.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.


---------------------


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-15 14:19:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: t70mlizy.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxlyrpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916F98DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:260] 869F0E84
Thread System [4:264] 869F3084

---- EOF - GMER 1.0.15 ----


--------------------


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Paul at 14.22.36.22 on 15/03/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.892 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe -kbdx
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Paul\Desktop\cleaning\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.asus.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TaskTray]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\t0dqjjmy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-10 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-10 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-10 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-10 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2007-2-7 24576]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-5-24 5010288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-14 24652]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-5-9 9472]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2007-2-13 1245056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2071-07-25 09:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-03-15 13:27:50 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
2011-03-15 13:27:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 13:27:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-15 13:27:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-14 18:58:27 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2cb280aa-e8df-463c-931e-d1183cbbba70}\mpengine.dll
2011-03-14 12:25:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-14 12:25:08 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-14 12:18:34 -------- dc----w- c:\progra~2\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-13 20:08:22 -------- d-----w- c:\progra~2\pEgMjLh12800
2011-03-11 16:31:48 -------- d--h--w- c:\progra~2\Common Files
2011-03-11 16:27:44 -------- d-----w- c:\progra~2\AVG10
2011-03-11 16:24:30 -------- d-----w- c:\program files\AVG
2011-03-11 16:05:59 -------- d-----w- c:\progra~2\MFAData
2011-03-10 17:39:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-10 17:39:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-10 17:37:40 40648 ----a-w- c:\windows\avastSS.scr
2011-03-10 17:37:18 -------- d-----w- c:\program files\AVAST Software
2011-03-10 17:37:18 -------- d-----w- c:\progra~2\AVAST Software
2011-03-09 08:46:14 -------- d-----w- c:\windows\en
2011-03-09 03:48:13 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 03:48:13 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 03:48:13 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 03:48:13 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 03:48:11 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 03:48:10 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-28 10:54:00 -------- d-----w- c:\users\paul\appdata\local\DDMSettings
2011-02-23 03:02:09 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-13 21:46:42 -------- d-----w- c:\program files\MSN Toolbar
2011-02-13 21:45:55 -------- d-----w- c:\program files\Bing Bar Installer
2011-02-13 21:45:39 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-13 21:45:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-13 21:45:39 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-13 18:07:13 469256 ----a-w- c:\program files\common files\windows live\.cache\d573f7921cbcba82b\InstallManager_WLE_WLE.exe
2011-02-13 18:06:08 15712 ----a-w- c:\program files\common files\windows live\.cache\b01039071cbcba81f\MeshBetaRemover.exe
2011-02-13 18:05:12 94040 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\DSETUP.dll
2011-02-13 18:05:12 525656 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\DXSETUP.exe
2011-02-13 18:05:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\dsetup32.dll
2011-02-13 18:05:10 94040 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\DSETUP.dll
2011-02-13 18:05:10 525656 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\DXSETUP.exe
2011-02-13 18:05:10 1691480 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\dsetup32.dll
2011-02-13 18:02:30 -------- d-----w- c:\users\paul\appdata\local\Windows Live
2011-02-13 18:01:11 754688 ----a-w- c:\windows\system32\webservices.dll
.
==================== Find3M ====================
.
2011-03-15 14:25:07 81984 ----a-w- c:\windows\system32\bdod.bin
2011-03-15 13:48:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 14.27.01.69 ===============



------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 26/10/2007 2.17.24 am
System Uptime: 15/03/2011 1.47.55 pm (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | F5VL
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | CPU 1 | 996/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 7.715 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 2.557 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1301: 12/03/2011 11.34.32 am - Scheduled Checkpoint
RP1302: 12/03/2011 2.19.23 pm - avast! Free Antivirus Setup
RP1303: 14/03/2011 12.15.46 am - Removed Bonjour
RP1304: 14/03/2011 12.17.52 am - Removed Apple Mobile Device Support
RP1305: 14/03/2011 6.56.25 pm - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4oD
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.6
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Uninstaller
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
avast! Free Antivirus
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin Bluetooth Software
Bing Bar
Bing Bar Platform
Bingo Cafe UK
BitDefender Antivirus 2008
Bonjour
BroadJump Client Foundation
BT Broadband Desktop Help
BT Broadband Support Tools
BT Yahoo! Applications
BTHomeHub
Burn4Free CD & DVD 4.9.0.0
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
D3DX10
DivX Setup
Download Updater (AOL LLC)
DVD Region+CSS Free 5.9.8.3
Easy DVD Player 2.0
Error Fix
FLAC 1.2.1b (remove only)
Free Audio Editor
Google Calendar Sync
Google Chrome
Google Talk (remove only)
Google Update Helper
GoToAssist Corporate
Hardware Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperMediaCenter
Instant CD & DVD Burner
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 5.0.0 (Full)
L&H TTS3000 British English
LG USB Modem Driver
LifeFrame2
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MCCI(r)Firmware Update Driver for MTK
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
OGA Notifier 2.0.0048.0
PdaNet for Android 2.41
PDF Settings
PEAK DVB-T Drivers
Power4Gear eXtreme
PowerForPhone
PowerISO
QuickTime
RealPlayer
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RioDVD Region Free Player
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sibelius 5
Sibelius Scorch (Firefox, Opera, Netscape only)
Skins
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
Spotify
Synaptics Pointing Device Driver
The Extractor
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
USB2.0 1.3M WebCam
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.1
Vodafone Mobile Connect Lite Huawei
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 2
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
15/03/2011 1.52.53 pm, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
15/03/2011 1.50.34 pm, Error: Service Control Manager [7022] - The KService service hung on starting.
15/03/2011 1.49.56 pm, Error: Service Control Manager [7000] - The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.
15/03/2011 1.46.46 pm, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
15/03/2011 1.11.27 pm, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
15/03/2011 1.00.17 pm, Error: EventLog [6008] - The previous system shutdown at 12:58:26 on 15/03/2011 was unexpected.
.
==== End Of File ===========================
 
Oh that is so much better! Thank you. Keep this in mind whenever you have to post a log.

1. If you have 180solutions and/or Zango installed, please uninstall them if they appear in Add/Remove Programs.

2. Stay away from any of the Fun Web ........ sites. Those cursor, wallpaper, Smileys bring a lot of junk adware with them.

3. You also have a rogue program offering to 'fix errors'. If you get any Alerts from this, do not act on them.

4. Please uninstall all of these outdated Java programs:
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7


5. Check this site Java Updates and update to the current version v6u24. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
===========================================
Mbam removed a lot of infected files, but there will be others, so please run the following:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
==================================================
Download Combofix to your desktop from one of these locations: Link 1 or Link 2: http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
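The points the helper raises above (the search redirect in prefs.js, toolbar registrations with no file behind them, the leftover Java updates) and the odd 2071 file date in the "Created Last 30" list can all be picked out of a DDS log mechanically. The Python script below is an added example for this thread, not part of the DDS tool or of the original posts: the sample lines are constructed in the DDS layout shown earlier, SCAN_DATE is an assumed scan time, and KNOWN_ENGINE_HOSTS is an assumed table of where a selected search engine should point.

```python
"""Triage checks over DDS-style log lines.

Added example for this thread, not the DDS tool's own code.  The sample lines
are constructed in the DDS layout; SCAN_DATE and KNOWN_ENGINE_HOSTS are assumptions.
"""
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample lines modelled on the DDS sections quoted in the thread.
SAMPLE_LOG = """\
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\\program files\\yahoo!\\companion\\installs\\cpn\\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
2071-07-25 09:13:30 203576 ------w- c:\\program files\\microsoft games\\age of empires iii\\autopatcher2.exe
2011-03-15 13:27:23 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
"""

SCAN_DATE = datetime(2011, 3, 15, 14, 27)  # assumed time the sample log was taken

# Assumed: hosts a search engine's own URLs should contain.  A keyword.URL that
# points anywhere else while that engine is "selected" is a redirect candidate.
KNOWN_ENGINE_HOSTS = {"google": ("google.",), "bing": ("bing.",), "yahoo": ("yahoo.",)}

FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.*)$")
JAVA_LINE = re.compile(r"^Java\(TM\) 6 Update (\d+)$")


def orphaned_toolbars(lines):
    """Toolbar/BHO registrations whose DLL no longer exists ('No File')."""
    return [ln for ln in lines if ln.startswith(("TB:", "BHO:")) and ln.endswith("- No File")]


def search_hijacks(lines):
    """Hosts in keyword.URL / defaulturl that do not belong to the selected engine."""
    engine = None
    for ln in lines:
        if ln.startswith("FF - prefs.js: browser.search.selectedEngine - "):
            engine = ln.rsplit(" - ", 1)[1].strip().lower()
    expected = KNOWN_ENGINE_HOSTS.get(engine, ())
    hits = []
    for ln in lines:
        if ln.startswith("FF - prefs.js: ") and ("keyword.URL" in ln or "defaulturl" in ln):
            # DDS defangs URLs as hxxp; restore the scheme so urlparse sees a host.
            url = ln.rsplit(" - ", 1)[1].strip().replace("hxxp", "http", 1)
            host = urlparse(url).hostname or ""
            if not any(h in host for h in expected):  # loose substring match, by design
                hits.append(host)
    return hits


def future_timestamps(lines, scan_date=SCAN_DATE):
    """Files whose modification time lies after the scan: a forged or stomped date."""
    out = []
    for ln in lines:
        m = FILE_LINE.match(ln)
        if m and datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") > scan_date:
            out.append(m.group(2))
    return out


def outdated_java(lines):
    """Every 'Java(TM) 6 Update N' entry except the newest is a leftover install."""
    updates = set()
    for ln in lines:
        m = JAVA_LINE.match(ln)
        if m:
            updates.add(int(m.group(1)))
    return [f"Java(TM) 6 Update {u}" for u in sorted(updates)[:-1]]


def triage(log_text):
    """Run every check over a log and return the findings keyed by check name."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    return {
        "orphaned_toolbars": orphaned_toolbars(lines),
        "search_hijacks": search_hijacks(lines),
        "future_timestamps": future_timestamps(lines),
        "outdated_java": outdated_java(lines),
    }


if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(f"{finding}: {items}")
```

The checks are deliberately simple string rules, which is what a helper reading these logs does by eye; a real triage pass would also feed the "Created Last 30" paths and the "No File" CLSIDs into a reputation lookup, but the point here is that the hijack, the orphan entries, the stale Java installs and the impossible date are all visible in the text of the log itself.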
 
First one run, here is the report:

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe probably a variant of Win32/TrojanDownloader.Agent.FDTXGPZ trojan
D:\Sibelius 5\BLESSiNG.exe probably a variant of Win32/Agent.JBLLXIL trojan


When I try running Combofix, it either tells me that it's corrupt or says in a dialog box: Patched Volsnap.sys !!
The driver 'VOLSNAP.SYS' is patched with a rootkit.

Attempting disinfection.

Be patient as this may take several minutes

-------------

But nothing more happens for at least one hour, and it never disconnects the machine from the Internet.
 
To remove the infected file from Eset:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Program Files\Windows Live\Messenger\msimg32.dll 
    C:\Program Files\Windows Live\Messenger\riched20.dll 
    C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe 
    D:\Sibelius 5\BLESSiNG.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===============================================
What is Drive D?
=============================================
CyberLink.PowerDVD.Deluxe.v8.0.1531 has been pirated. You will have to remove the program to continue support.
=================================================
When that has been done:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
 
Drive D is purely a partition I keep for files. There is no operating system on it.

Result of OTM:


All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\Program Files\Windows Live\Messenger\msimg32.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\riched20.dll
C:\Program Files\Windows Live\Messenger\riched20.dll moved successfully.
C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe moved successfully.
D:\Sibelius 5\BLESSiNG.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Guest
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Paul
->Temp folder emptied: 1230493 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8569512 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4513 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4037039 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 8030 bytes
RecycleBin emptied: 16251597 bytes

Total Files Cleaned = 29.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03192011_131930

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



------------------------


TDSSkiller won't run. It downloads fine, but when I try double-clicking it, literally nothing happens.
 
Try this please: Download RootRepeal from one of the following links and save it to your Desktop.
NOTE: You can download it in either RAR or ZIP format. Use whatever is easiest for you.
http://rootrepeal.googlepages.com/RootRepeal.rar,
http://rootrepeal.googlepages.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.rar

NOTE: If you have problems downloading the file due to a message about bandwidth limits, try one of the other links.
  1. Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop.
  2. Disable your antivirus, antispyware, and firewalls before continuing or they may block RootRepeal from running properly.
  3. Double click on RootRepeal.exe to run.
  4. Click the Files tab and then click the Scan button (on lower part of screen)
  5. A Select Drives form will open. Select all of your drives by checking the boxes and then click OK.
  6. Scan will start> Wait for it to finish. It can take awhile depending on how many drives, how many files, how many folders...etc. Be patient.
  7. When finished, click Save Report and save it to your Desktop. Name it RRlog.txt
    NOTE: If you do not know how to use the Save As feature with Location and Name of file, let me know and I'll give you a screenshot.
  8. Paste the log into your next message.
 
I tried running rootrepeal a few times, but it comes up with the error message 'Memory access at 0x000004,' or something very similar. It seems not to complete after this, even if I leave it for a long time.
 
Also, just recently, I will occasionally hear an advertisement that I recognise from the television, but which doesn't have a window in which it could be playing.
 
Okay, I need to know what this is exactly, not "something like." You can look in the Event Viewer System and Apps logs to find the Error that corresponds to the time of the message. Force the error if needed, check time on computer clock, write the time down, do the following:

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

  • Select log to query, select
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit> Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)

I want to mention that one of the entries Mbam found was the Rogue.Error.Fix. This malware created an alert for an error you really don't have in an attempt to get you to click on their site to fix it. Please don't act on any error messages until we can verify them.
 
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 31/03/2011 4.58.20 pm

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2011 10.28:16pm
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application djview.exe, version 0.0.0.0, time stamp 0x4d771922, faulting module MSVCR100.dll, version 10.0.30319.1, time stamp 0x4ba1dbbe, exception code 0xc0000417, fault offset 0x0008ae6e, process id 0x1710, application start time 0x01cbef296f2f134a.

Log: 'Application' Date/Time: 30/03/2011 9.33:13pm
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application djview.exe, version 0.0.0.0, time stamp 0x4d771922, faulting module MSVCR100.dll, version 10.0.30319.1, time stamp 0x4ba1dbbe, exception code 0xc0000417, fault offset 0x0008ae6e, process id 0x1528, application start time 0x01cbef21c4b2f7a3.

Log: 'Application' Date/Time: 30/03/2011 12.13:37pm
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 23c8 Start Time: 01cbec08b444ea52 Termination Time: 3085

Log: 'Application' Date/Time: 30/03/2011 12.04:25pm
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 8f8 Start Time: 01cbea877770c987 Termination Time: 13269

Log: 'Application' Date/Time: 23/03/2011 3.09:02pm
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 14b8 Start Time: 01cbe914bad72269 Termination Time: 281

Log: 'Application' Date/Time: 23/03/2011 3.22:02am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 19/03/2011 4.51:32am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 18/03/2011 4.25:22am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 17/03/2011 10.39:21am
Type: Error Category: 0
Event: 11722 Source: MsiInstaller
Product: Java(TM) 6 Update 12 -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action FilesInUseDialog, location: C:\Windows\Installer\MSIF097.tmp, command: C:\Program Files\Java\jre6\

Log: 'Application' Date/Time: 17/03/2011 5.00:33am
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {828bdb51-ec89-4fed-8c4b-4ca4734132a1}

Log: 'Application' Date/Time: 16/03/2011 8.38:43am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 16/03/2011 8.38:43am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
The event description cannot be found.

Log: 'Application' Date/Time: 16/03/2011 8.38:43am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
The event description cannot be found.

Log: 'Application' Date/Time: 16/03/2011 8.38:43am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
The event description cannot be found.

Log: 'Application' Date/Time: 16/03/2011 3.23:35am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 15/03/2011 9.45:02pm
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 14/03/2011 9.21:06pm
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 14/03/2011 12.21:15pm
Type: Error Category: 0
Event: 100 Source: Microsoft Security Client Setup
The event description cannot be found.

Log: 'Application' Date/Time: 14/03/2011 12.03:19pm
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 14/03/2011 11.39:57am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2011 12.27:34pm
Type: Error Category: 0
Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Log: 'System' Date/Time: 30/03/2011 12.27:34pm
Type: Error Category: 0
Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Log: 'System' Date/Time: 30/03/2011 12.25:12pm
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The KService service hung on starting.

Log: 'System' Date/Time: 30/03/2011 12.23:43pm
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.

Log: 'System' Date/Time: 30/03/2011 12.18:50pm
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F40211E8-05C9-4430-B832-041A5ECD7FA2} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/03/2011 1.03:23am
Type: Error Category: 0
Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Log: 'System' Date/Time: 25/03/2011 1.03:23am
Type: Error Category: 0
Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Log: 'System' Date/Time: 25/03/2011 12.59:12am
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The KService service hung on starting.

Log: 'System' Date/Time: 25/03/2011 12.56:49am
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.

Log: 'System' Date/Time: 25/03/2011 12.56:10am
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 23:35:22 on 24/03/2011 was unexpected.

Log: 'System' Date/Time: 23/03/2011 3.25:40am
Type: Error Category: 0
Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Log: 'System' Date/Time: 23/03/2011 3.25:40am
Type: Error Category: 0
Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Log: 'System' Date/Time: 23/03/2011 3.23:30am
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The KService service hung on starting.

Log: 'System' Date/Time: 23/03/2011 3.22:13am
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.
 
Did you look at the clock when you got the message? What was the time? The date? There are 20 Error Events here. I'm trying to see if I can determine the cause of this Error:
error message 'Memory access at 0x000004,' or something very similar.

All of the Errors are time-coded.
 
I'm afraid I can't remember. Thank you for your patience with my problems - perhaps if I run the program again?
 
Regarding BLESSiNG.exe: This is cloaked malware and it's on a file you saved to the D Partition. It's on the Sibelius 5 software. IF you got the program on a torrent site, it most likely came from there. But now you have malware on the partition.

Regarding the memory error: you got it when you tried to either download or run RootRepeal:
I tried running rootrepeal a few times, but it comes up with the error message 'Memory access at 0x000004,' or something very similar.

I'd like you to try and run it again to force the Error so you can check the time. You are looking for an Error at that same time. I'm going to give you a shortcut:

Click on Start> Run> type in eventvwr> enter> Click on both System & Apps, one at a time. Look for an Error, a clear circle with a red X on top of it for the same time you got the Error message. Double click that Error> click on Copy button> Paste it here. Check both the System and App logs.

You can find screenshots of the Vista Event Viewer HERE. Once you have typed the text in Run, the Event Viewer will be displayed, so skip the 'launch' information and scroll down to the screenshots.

After you have done that, please give me a recap of the 'general trouble' you are having.
 
This time, rootrepeal crashed and left the following file on the desktop:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x004cbf6b
Attempt to read from address: 0x00000004


I couldn't find any error in the event viewer that matched the time, which was stated in the name of the file thus: RootRepeal_crash_040411.111637
 
Oh, the general trouble now is simply that links on pages in browsers get redirected from search engine results elsewhere. Other than that, I detect no problems.
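The helper's request above is essentially a time-window join: take the timestamp of the crash and look for Application or System errors logged within a few minutes of it. The following Python script is an added example written for this thread, not the helper's or VEW's own code. It parses the layout Vino's Event Viewer prints (dd/mm/yyyy dates and the "h.mm:ss am/pm" time style seen in the log above), pulls the timestamp out of a RootRepeal crash-file name, lists the events within a window of it, and counts recurring (log, source, event id) triples, which is the quickest way to separate the twenty errors into a few repeating causes. The sample report is constructed; its RootRepeal entry at 11.16:40am is hypothetical and only there so a match can be shown, and the assumption that the crash-file date is mmddyy is labelled in the code (for 040411 the dd/mm reading gives the same day).

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in VEW's layout; not the log from the thread. The RootRepeal
# record is hypothetical so that a time-window match can be demonstrated.
SAMPLE_VEW_LOG = r"""
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 04/04/2011 11.30.00 am

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/04/2011 11.16:40am
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application RootRepeal.exe, faulting module RootRepeal.exe, exception code 0xc0000005, fault offset 0x000cbf6b.

Log: 'Application' Date/Time: 23/03/2011 3.22:02am
Type: Error Category: 0
Event: 1 Source: TabletServiceWacom
TabletService Error: Could not init tablet driver

Log: 'Application' Date/Time: 17/03/2011 5.00:33am
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.

Operation:
Gathering Writer Data

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2011 12.56:10am
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 23:35:22 on 24/03/2011 was unexpected.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>\w+)' Date/Time: (?P<date>\d{2}/\d{2}/\d{4}) "
                       r"(?P<h>\d{1,2})\.(?P<m>\d{2}):(?P<s>\d{2})(?P<ampm>am|pm)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")


def _vew_time(date, h, m, s, ampm):
    """dd/mm/yyyy plus h.mm:ss am/pm -> datetime (12am becomes 00, 12pm stays 12)."""
    hour = int(h) % 12 + (12 if ampm == "pm" else 0)
    return datetime.strptime(date, "%d/%m/%Y").replace(hour=hour, minute=int(m), second=int(s))


def parse_vew(text):
    """Return one dict per event record in a VEW report, in file order."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    events, i = [], 0
    while i < len(lines):
        hdr = HEADER_RE.match(lines[i])
        if not hdr:
            i += 1
            continue
        typ = TYPE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        evt = EVENT_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
        if not (typ and evt):
            raise ValueError("malformed record at line %d" % (i + 1))
        i += 3
        msg = []
        # The message runs until the next record or a ~~~ section rule; blank lines
        # inside it (VSS writes several) are skipped rather than ending the record.
        while i < len(lines) and not HEADER_RE.match(lines[i]) and not lines[i].startswith("~"):
            if lines[i]:
                msg.append(lines[i])
            i += 1
        events.append({"log": hdr["log"],
                       "time": _vew_time(hdr["date"], hdr["h"], hdr["m"], hdr["s"], hdr["ampm"]),
                       "type": typ["type"], "category": int(typ["cat"]),
                       "event_id": int(evt["id"]), "source": evt["source"].strip(),
                       "message": " ".join(msg)})
    return events


def crash_time_from_filename(name):
    """RootRepeal_crash_040411.111637 -> 2011-04-04 11:16:37.
    Assumption: the date part is mmddyy; the thread does not say which order RootRepeal uses."""
    m = re.search(r"_(\d{6})\.(\d{6})$", name)
    if not m:
        raise ValueError("no timestamp in %r" % name)
    return datetime.strptime(m.group(1) + m.group(2), "%m%d%y%H%M%S")


def events_near(events, when, minutes=5):
    """Events logged within +/- `minutes` of `when`, oldest first."""
    window = timedelta(minutes=minutes)
    return sorted((e for e in events if abs(e["time"] - when) <= window), key=lambda e: e["time"])


def recurring_errors(events, min_count=2):
    """(log, source, event id) triples seen at least `min_count` times, most frequent first."""
    counts = Counter((e["log"], e["source"], e["event_id"]) for e in events)
    return [(key, n) for key, n in counts.most_common() if n >= min_count]


if __name__ == "__main__":
    evs = parse_vew(SAMPLE_VEW_LOG)
    crash = crash_time_from_filename("RootRepeal_crash_040411.111637")
    for e in events_near(evs, crash):
        print(e["time"], e["log"], e["source"], e["event_id"], e["message"][:70])
    for key, n in recurring_errors(evs):
        print(n, "x", key)
```

An empty result from events_near on the real log is not surprising: the crash report quoted above (exception code 0xc0000005, an attempt to read address 0x00000004) is an access violation on a near-null pointer inside RootRepeal itself, and a program that catches its own exception and writes its own crash file never hands the fault to Windows Error Reporting, so no Event 1000 from "Application Error" gets written for it. The recurring_errors output is the more useful triage on the log above, where the Wacom, WMPNSS, KService, ghaio and disk entries repeat while the redirect problem leaves no trace in either log.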
 
Please update and run a new Malwarebytes scan.

Follow with new Eset online virus scan:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6273

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

05/04/2011 4.22.01 pm
mbam-log-2011-04-05 (16-22-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 377537
Time elapsed: 4 hour(s), 31 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\_OTM\movedfiles\03192011_131930\c_program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\03192011_131930\c_program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\03192011_131930\C_Users\Paul\documents\downloads\cyberlink.powerdvd.deluxe.v8.0.1531 with keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\03192011_131930\d_sibelius 5\BLESSiNG.exe (Trojan.Agent) -> Quarantined and deleted successfully.




ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=f00d883e7b8c5440a6c6c86da0101444
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-17 02:02:33
# local_time=2011-03-17 02:02:33 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 298287 298287 0 0
# compatibility_mode=5892 16776573 100 100 160189 137892683 0 0
# compatibility_mode=8192 67108863 100 0 3950 3950 0 0
# scanned=205552
# found=4
# cleaned=0
# scan_time=10597
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe probably a variant of Win32/TrojanDownloader.Agent.FDTXGPZ trojan (unable to clean) 00000000000000000000000000000000 I
D:\Sibelius 5\BLESSiNG.exe probably a variant of Win32/Agent.JBLLXIL trojan (unable to clean) 00000000000000000000000000000000 I



I note that ESET finished and reported no infections.
 
Mbam shows the previous removals in OTM> there is nothing new in Mbam> current log

Eset log you left is the original one: 2011-03-17 02:02:33 Please update Eset and run a new scan.

It is possible that the Eset scan could find something that Mbam did not. The only way to be sure is to update and run a new scan.
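The stale-log problem the reply points out is easy to miss by eye, because the scanner writes the same file name every time and the only date is the "# utc_time=" line buried in the metadata. The following Python script is an added example for this thread, not ESET's code or anything posted here: it parses the log layout quoted above (the "# key=value" header followed by one detection per line), compares utc_time with a reference date such as the Mbam scan date, cross-checks the "# found=" counter against the detection lines actually present, and lists what the scanner could not clean. The sample log, its paths, serial and hashes are constructed placeholders.

```python
import re
from datetime import datetime, timedelta

# Constructed log in the layout the ESET online scanner writes to
# C:\Program Files\EsetOnlineScanner\log.txt. Paths, serial and hashes are placeholders.
SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=00000000000000000000000000000000
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-17 02:02:33
# local_time=2011-03-17 02:02:33 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# scanned=205552
# found=2
# cleaned=0
# scan_time=10597
C:\Program Files\ExampleToolbar\helper with spaces.dll Win32/Toolbar.Example application (unable to clean) 00000000000000000000000000000000 I
D:\Scores\Example Pack\setup.exe probably a variant of Win32/Agent.EXAMPLE trojan (unable to clean) 00000000000000000000000000000000 I
"""

META_RE = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
# Path may contain spaces, so the line is anchored from the right: "(status) <32 hex> <flag>"
# and the threat name is recognised by its "Family/Name" token (optionally prefixed by
# "probably a variant of" / "a variant of") followed by the type word(s).
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+(?: \w+)*?) "
    r"\((?P<status>[^)]+)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flags>\S+)$"
)


def parse_eset_log(text):
    """Split an ESET online scanner log into metadata, detection lines and leftovers."""
    meta, detections, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.rstrip()
        m = META_RE.match(line)
        if m:
            meta[m["key"]] = m["value"]  # repeated keys (compatibility_mode) keep the last value
            continue
        d = DETECTION_RE.match(line)
        if d:
            detections.append(d.groupdict())
        elif line and not line.startswith("#"):
            unparsed.append(line)  # installer chatter such as "all ok"
    return {"meta": meta, "detections": detections, "unparsed": unparsed}


def scan_time_utc(report):
    return datetime.strptime(report["meta"]["utc_time"], "%Y-%m-%d %H:%M:%S")


def is_stale(report, reference_iso, max_age_days=1):
    """True when the scan ran more than max_age_days before reference_iso (YYYY-MM-DD[THH:MM:SS])."""
    return datetime.fromisoformat(reference_iso) - scan_time_utc(report) > timedelta(days=max_age_days)


def found_matches_detections(report):
    """Cross-check the '# found=' counter against the detection lines actually present."""
    return int(report["meta"].get("found", -1)) == len(report["detections"])


def uncleaned(report):
    """Detections the scanner reported but could not clean (remove_checked=false leaves all of them)."""
    return [d for d in report["detections"] if d["status"].startswith("unable")]


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_ESET_LOG)
    print("scan ran", scan_time_utc(rep), "stale vs 2011-04-05:", is_stale(rep, "2011-04-05"))
    print("found counter consistent:", found_matches_detections(rep))
    for d in uncleaned(rep):
        print(d["status"], "|", d["threat"], "|", d["path"])
```

Run against the log posted above with the Mbam scan date as the reference, is_stale comes back True, which is the reply's point: the file is the 17 March scan, and a "no infections" verdict from a scanner that never actually re-ran is no evidence that the redirects are gone.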
 
It doesn't seem to matter what I do in terms of downloading and updating the ESET - it just keeps finishing, reporting no problem and doesn't produce any more up-to-date log than the one previously submitted.
 