TechSpot

General trouble - 8 steps conducted

By xaetium
Mar 15, 2011
  1. Browser redirects search engine results to random sites, occasional blue screen, seemingly at random, sometimes the desktop changes into something horrendous and I cannot run any program. The latter has been fixed with a restore to a previous version, after which I ran your 8 step program and here is the result:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/10/2007 2.17.24 am
    System Uptime: 15/03/2011 1.47.55 pm (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | F5VL
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | CPU 1 | 996/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 7.715 GiB free.
    D: is FIXED (NTFS) - 68 GiB total, 2.557 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1301: 12/03/2011 11.34.32 am - Scheduled Checkpoint
    RP1302: 12/03/2011 2.19.23 pm - avast! Free Antivirus Setup
    RP1303: 14/03/2011 12.15.46 am - Removed Bonjour
    RP1304: 14/03/2011 12.17.52 am - Removed Apple Mobile Device Support
    RP1305: 14/03/2011 6.56.25 pm - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4oD
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.2.6
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AIM 7
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE v.6.80
    ASUS InstantFun
    ASUS Live Update
    ASUS Splendid Video Enhancement Technology
    ASUS Touch Pad Extra
    Asus_Camera_ScreenSaver
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    ATI Uninstaller
    ATK Hotkey
    ATK Media
    ATKOSD2
    µTorrent
    avast! Free Antivirus
    BBC iPlayer Desktop
    BBC iPlayer Download Manager
    Belkin Bluetooth Software
    Bing Bar
    Bing Bar Platform
    Bingo Cafe UK
    BitDefender Antivirus 2008
    Bonjour
    BroadJump Client Foundation
    BT Broadband Desktop Help
    BT Broadband Support Tools
    BT Yahoo! Applications
    BTHomeHub
    Burn4Free CD & DVD 4.9.0.0
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-Branding
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner (remove only)
    D3DX10
    DivX Setup
    Download Updater (AOL LLC)
    DVD Region+CSS Free 5.9.8.3
    Easy DVD Player 2.0
    Error Fix
    FLAC 1.2.1b (remove only)
    Free Audio Editor
    Google Calendar Sync
    Google Chrome
    Google Talk (remove only)
    Google Update Helper
    GoToAssist Corporate
    Hardware Helper
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HyperMediaCenter
    Instant CD & DVD Burner
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    K-Lite Codec Pack 5.0.0 (Full)
    L&H TTS3000 British English
    LG USB Modem Driver
    LifeFrame2
    LightScribe 1.4.142.1
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    MCCI(r)Firmware Update Driver for MTK
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 6.0 Professional Edition
    Microsoft Web Publishing Wizard 1.53
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NB Probe
    OGA Notifier 2.0.0048.0
    PdaNet for Android 2.41
    PDF Settings
    PEAK DVB-T Drivers
    Power4Gear eXtreme
    PowerForPhone
    PowerISO
    QuickTime
    RealPlayer
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RioDVD Region Free Player
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Sibelius 5
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Skins
    Skype™ 3.8
    Smart Menus (Windows Live Toolbar)
    Spotify
    Synaptics Pointing Device Driver
    The Extractor
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    USB2.0 1.3M WebCam
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    VLC media player 1.0.1
    Vodafone Mobile Connect Lite Huawei
    Wacom Tablet
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 2
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/03/2011 1.52.53 pm, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    15/03/2011 1.50.34 pm, Error: Service Control Manager [7022] - The KService service hung on starting.
    15/03/2011 1.49.56 pm, Error: Service Control Manager [7000] - The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.
    15/03/2011 1.46.46 pm, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    15/03/2011 1.11.27 pm, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
    15/03/2011 1.00.17 pm, Error: EventLog [6008] - The previous system shutdown at 12:58:26 on 15/03/2011 was unexpected.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Welcome to TechSpot! There was a slight delay in getting your post through. You can now post the additional logs. That will be the other DDS log titled DDS.txt, GMER and Malwarebytes, as well as completing the additional steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I will review the logs when they have all been submitted.

    Please do not start another thread due to the delay. Leave all logs and descriptions about the redirect on this thread.

    Please do not do another System Restore while I am helping you. At this point, I cannot determine if the BSOD or desktop problem are malware related.
     
  3. xaetium

    separate logs

    I had in fact put these in, but for some reason they didn't show up. Here you are, with them separately. I also already did the 8 steps.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6064

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    15/03/2011 1.44.40 pm
    mbam-log-2011-03-15 (13-44-40).txt

    Scan type: Quick scan
    Objects scanned: 175578
    Time elapsed: 14 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 53
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.ClientDetector (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.ClientDetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.UserProfiles (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.UserProfiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Paul\AppData\Roaming\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\Paul\AppData\Roaming\error fix\Logs\2009-07-16 13-33-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\definitions.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\error fix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\error fix.url (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\privacy.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\startup.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix help.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix on the web.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
     
  4. xaetium

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-15 14:19:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
    Running: t70mlizy.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxlyrpod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916F98DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:260] 869F0E84
    Thread System [4:264] 869F3084

    ---- EOF - GMER 1.0.15 ----
     
  5. xaetium

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Paul at 14.22.36.22 on 15/03/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.892 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkCSrv.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ASUSTPE.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\mdm.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Windows\System32\svchost.exe -kbdx
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Paul\Desktop\cleaning\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mDefault_Page_URL = hxxp://www.asus.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TaskTray]
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: Send to &Bluetooth Device... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\t0dqjjmy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-10 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-10 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-10 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-10 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-10 42184]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2007-2-7 24576]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-5-24 5010288]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-14 24652]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-5-9 9472]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2007-2-13 1245056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 133104]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2071-07-25 09:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
    2011-03-15 13:27:50 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
    2011-03-15 13:27:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-15 13:27:17 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-15 13:27:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-14 18:58:27 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2cb280aa-e8df-463c-931e-d1183cbbba70}\mpengine.dll
    2011-03-14 12:25:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-14 12:25:08 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-03-14 12:18:34 -------- dc----w- c:\progra~2\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
    2011-03-13 20:08:22 -------- d-----w- c:\progra~2\pEgMjLh12800
    2011-03-11 16:31:48 -------- d--h--w- c:\progra~2\Common Files
    2011-03-11 16:27:44 -------- d-----w- c:\progra~2\AVG10
    2011-03-11 16:24:30 -------- d-----w- c:\program files\AVG
    2011-03-11 16:05:59 -------- d-----w- c:\progra~2\MFAData
    2011-03-10 17:39:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-10 17:39:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-10 17:37:40 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-10 17:37:18 -------- d-----w- c:\program files\AVAST Software
    2011-03-10 17:37:18 -------- d-----w- c:\progra~2\AVAST Software
    2011-03-09 08:46:14 -------- d-----w- c:\windows\en
    2011-03-09 03:48:13 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 03:48:13 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 03:48:13 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 03:48:13 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 03:48:11 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 03:48:10 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-02-28 10:54:00 -------- d-----w- c:\users\paul\appdata\local\DDMSettings
    2011-02-23 03:02:09 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-02-13 21:46:42 -------- d-----w- c:\program files\MSN Toolbar
    2011-02-13 21:45:55 -------- d-----w- c:\program files\Bing Bar Installer
    2011-02-13 21:45:39 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-13 21:45:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-13 21:45:39 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-13 18:07:13 469256 ----a-w- c:\program files\common files\windows live\.cache\d573f7921cbcba82b\InstallManager_WLE_WLE.exe
    2011-02-13 18:06:08 15712 ----a-w- c:\program files\common files\windows live\.cache\b01039071cbcba81f\MeshBetaRemover.exe
    2011-02-13 18:05:12 94040 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\DSETUP.dll
    2011-02-13 18:05:12 525656 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\DXSETUP.exe
    2011-02-13 18:05:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\dsetup32.dll
    2011-02-13 18:05:10 94040 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\DSETUP.dll
    2011-02-13 18:05:10 525656 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\DXSETUP.exe
    2011-02-13 18:05:10 1691480 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\dsetup32.dll
    2011-02-13 18:02:30 -------- d-----w- c:\users\paul\appdata\local\Windows Live
    2011-02-13 18:01:11 754688 ----a-w- c:\windows\system32\webservices.dll
    .
    ==================== Find3M ====================
    .
    2011-03-15 14:25:07 81984 ----a-w- c:\windows\system32\bdod.bin
    2011-03-15 13:48:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 14.27.01.69 ===============
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I apologize for the extra trouble, but I'd like you to post the logs again: When you open Notepad for a log, click on Format> Uncheck 'Word Wrap'> then continue with the log. It is very difficult to read the entries when they wrap on 3 or 4 lines.

    The logs can be found here:
    Mbam>> C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    GMER>> gmer.log
    DDS>> 2 logs>> DDS.txt and .Attach.txt

    Click anywhere on the log screen> Ctrl A (this will highlight)> Ctrl C (this will copy)> Open Notepad> Uncheck Word Wrap> Ctrl V (this will paste the log in Notepad.) and it will format correctly. You then paste the formatted log from Notepad into your reply.

    Here's an example of the difference: Your entry with Word Wrap on:
    How it should show:
    If I have to put each entry together like this, I might not get finished!
     
  7. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6064

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    15/03/2011 1.44.40 pm
    mbam-log-2011-03-15 (13-44-40).txt

    Scan type: Quick scan
    Objects scanned: 175578
    Time elapsed: 14 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 53
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.ClientDetector (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.ClientDetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.UserProfiles (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ZangoAX.UserProfiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Paul\AppData\Roaming\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\Paul\AppData\Roaming\error fix\Logs\2009-07-16 13-33-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Paul\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\definitions.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\error fix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\error fix.url (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\privacy.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\program files\error fix\startup.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix help.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix on the web.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\error fix\error fix.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.


    ---------------------


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-15 14:19:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
    Running: t70mlizy.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxlyrpod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916F98DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:260] 869F0E84
    Thread System [4:264] 869F3084

    ---- EOF - GMER 1.0.15 ----


    --------------------


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Paul at 14.22.36.22 on 15/03/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.892 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkCSrv.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ASUSTPE.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\mdm.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Windows\System32\svchost.exe -kbdx
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Paul\Desktop\cleaning\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mDefault_Page_URL = hxxp://www.asus.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TaskTray]
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: Send to &Bluetooth Device... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\t0dqjjmy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-10 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-10 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-10 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-10 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-10 42184]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2007-2-7 24576]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-5-24 5010288]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-14 24652]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-5-9 9472]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2007-2-13 1245056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 133104]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2071-07-25 09:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
    2011-03-15 13:27:50 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
    2011-03-15 13:27:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-15 13:27:17 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-15 13:27:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-14 18:58:27 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2cb280aa-e8df-463c-931e-d1183cbbba70}\mpengine.dll
    2011-03-14 12:25:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-14 12:25:08 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-03-14 12:18:34 -------- dc----w- c:\progra~2\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
    2011-03-13 20:08:22 -------- d-----w- c:\progra~2\pEgMjLh12800
    2011-03-11 16:31:48 -------- d--h--w- c:\progra~2\Common Files
    2011-03-11 16:27:44 -------- d-----w- c:\progra~2\AVG10
    2011-03-11 16:24:30 -------- d-----w- c:\program files\AVG
    2011-03-11 16:05:59 -------- d-----w- c:\progra~2\MFAData
    2011-03-10 17:39:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-10 17:39:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-10 17:37:40 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-10 17:37:18 -------- d-----w- c:\program files\AVAST Software
    2011-03-10 17:37:18 -------- d-----w- c:\progra~2\AVAST Software
    2011-03-09 08:46:14 -------- d-----w- c:\windows\en
    2011-03-09 03:48:13 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 03:48:13 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 03:48:13 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 03:48:13 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 03:48:11 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 03:48:10 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-02-28 10:54:00 -------- d-----w- c:\users\paul\appdata\local\DDMSettings
    2011-02-23 03:02:09 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-02-13 21:46:42 -------- d-----w- c:\program files\MSN Toolbar
    2011-02-13 21:45:55 -------- d-----w- c:\program files\Bing Bar Installer
    2011-02-13 21:45:39 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-13 21:45:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-13 21:45:39 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-13 18:07:13 469256 ----a-w- c:\program files\common files\windows live\.cache\d573f7921cbcba82b\InstallManager_WLE_WLE.exe
    2011-02-13 18:06:08 15712 ----a-w- c:\program files\common files\windows live\.cache\b01039071cbcba81f\MeshBetaRemover.exe
    2011-02-13 18:05:12 94040 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\DSETUP.dll
    2011-02-13 18:05:12 525656 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\DXSETUP.exe
    2011-02-13 18:05:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\8e729ba01cbcba818\dsetup32.dll
    2011-02-13 18:05:10 94040 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\DSETUP.dll
    2011-02-13 18:05:10 525656 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\DXSETUP.exe
    2011-02-13 18:05:10 1691480 ----a-w- c:\program files\common files\windows live\.cache\8bf4224f1cbcba817\dsetup32.dll
    2011-02-13 18:02:30 -------- d-----w- c:\users\paul\appdata\local\Windows Live
    2011-02-13 18:01:11 754688 ----a-w- c:\windows\system32\webservices.dll
    .
    ==================== Find3M ====================
    .
    2011-03-15 14:25:07 81984 ----a-w- c:\windows\system32\bdod.bin
    2011-03-15 13:48:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 14.27.01.69 ===============



     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh that is so much better! Thank you. Keep this in mind whenever you have to post a log.

    1. If you have 180solutions and/or Zango installed, please uninstall them if they appear in Add/Remove Programs.

    2. Stay away from any of the Fun Web ........ sites. Those cursor, wallpaper, Smileys bring a lot of junk adware with them.

    3. You also have a rogue program offering to 'fix errors'. If you get any Alerts from this, do not act on them.

    4. Please uninstall all of these outdated Java programs:
    Java(TM) 6 Update 13
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    5. Check this site Java Updates and update to the current version v6u24. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
    ===========================================
    Mbam removed a lot of infected files, but there will be others, so please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==================================================
    Download Combofix to your desktop from one of these locations Link 1 or Link 2
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and opened in a text window. Please paste C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  9. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    First one run, here is the report:

    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
    C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe probably a variant of Win32/TrojanDownloader.Agent.FDTXGPZ trojan
    D:\Sibelius 5\BLESSiNG.exe probably a variant of Win32/Agent.JBLLXIL trojan


    When I try running Combofix, it either tells me that it's corrupt or says in a dialog box: Patched Volsnap.sys !!
    The driver 'VOLSNAP.SYS' is patched with a rootkit.

    Attempting disinfection.

    Be patient as this may take several minutes

    -------------

    But nothing more happens for at least one hour, and it never disconnects the machine from the Internet.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    To remove the infected file from Eset:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Program Files\Windows Live\Messenger\msimg32.dll 
      C:\Program Files\Windows Live\Messenger\riched20.dll 
      C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe 
      D:\Sibelius 5\BLESSiNG.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===============================================
    What is Drive D?
    =============================================
    CyberLink.PowerDVD.Deluxe.v8.0.1531 has been pirated. You will have to remove the program to continue support.
    =================================================
    When that has been done:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
     
  11. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    Drive D is purely a partition I keep for files. There is no operating system on it.

    Result of OTM:


    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\msimg32.dll
    C:\Program Files\Windows Live\Messenger\msimg32.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\riched20.dll
    C:\Program Files\Windows Live\Messenger\riched20.dll moved successfully.
    C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe moved successfully.
    D:\Sibelius 5\BLESSiNG.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Temp folder emptied: 1230493 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8569512 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 4513 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4037039 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 8030 bytes
    RecycleBin emptied: 16251597 bytes

    Total Files Cleaned = 29.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 03192011_131930

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    ------------------------


    TDSSkiller won't run. It downloads fine, but when I try double-clicking it, literally nothing happens.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try this please: Download RootRepeal from one of the following links and save it to your Desktop.
    NOTE: You can download it in either RAR or ZIP format. Use whatever is easiest for you.
    http://rootrepeal.googlepages.com/RootRepeal.rar
    http://rootrepeal.googlepages.com/RootRepeal.zip
    http://ad13.geekstogo.com/RootRepeal.zip
    http://ad13.geekstogo.com/RootRepeal.rar

    NOTE: If you have problems downloading the file due to a message about bandwidth limits, try one of the other links.
    1. Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop.
    2. Disable your antivirus, antispyware, and firewalls before continuing or they may block RootRepeal from running properly.
    3. Double click on RootRepeal.exe to run.
    4. click the Files tab and then click the Scan button (on lower part of screen)
    5. A Select Drives form will open. Select all of your drives by checking the boxes and then click OK.
    6. Scan will start> Wait for it to finish. It can take awhile depending on how many drives, how many files, how many folders...etc. Be patient.
    7. When finished, click Save Report and save it to your Desktop. Name it RRlog.txt
      NOTE: If you do not know how to use the Save As feature with Location and Name of file, let me know and I'll give you a screenshot.
    8. Paste the log into your next message.
     
  13. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    I tried running rootrepeal a few times, but it comes up with the error message 'Memory access at 0x000004,' or something very similar. It seems not to complete after this, even if I leave it for a long time.
     
  14. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    Also, just recently, I will occasionally hear an advertisement that I recognise from the television, but which doesn't have a window in which it could be playing.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I need to know what this is exactly, not "something like." You can look in the Event Viewer System and Apps logs to find the Error that corresponds to the time of the message. Force the error if needed, check the time on the computer clock, write the time down, then do the following:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)

    I want to mention that one of the entries Mbam found was the Rogue.Error.Fix. This malware created an alert for an error you really don't have in an attempt to get you to click on their site to fix it. Please don't act on any error messages until we can verify them.
     
  16. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 31/03/2011 4.58.20 pm

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 30/03/2011 10.28:16pm
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application djview.exe, version 0.0.0.0, time stamp 0x4d771922, faulting module MSVCR100.dll, version 10.0.30319.1, time stamp 0x4ba1dbbe, exception code 0xc0000417, fault offset 0x0008ae6e, process id 0x1710, application start time 0x01cbef296f2f134a.

    Log: 'Application' Date/Time: 30/03/2011 9.33:13pm
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application djview.exe, version 0.0.0.0, time stamp 0x4d771922, faulting module MSVCR100.dll, version 10.0.30319.1, time stamp 0x4ba1dbbe, exception code 0xc0000417, fault offset 0x0008ae6e, process id 0x1528, application start time 0x01cbef21c4b2f7a3.

    Log: 'Application' Date/Time: 30/03/2011 12.13:37pm
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 23c8 Start Time: 01cbec08b444ea52 Termination Time: 3085

    Log: 'Application' Date/Time: 30/03/2011 12.04:25pm
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 8f8 Start Time: 01cbea877770c987 Termination Time: 13269

    Log: 'Application' Date/Time: 23/03/2011 3.09:02pm
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program chrome.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 14b8 Start Time: 01cbe914bad72269 Termination Time: 281

    Log: 'Application' Date/Time: 23/03/2011 3.22:02am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 19/03/2011 4.51:32am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 18/03/2011 4.25:22am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 17/03/2011 10.39:21am
    Type: Error Category: 0
    Event: 11722 Source: MsiInstaller
    Product: Java(TM) 6 Update 12 -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action FilesInUseDialog, location: C:\Windows\Installer\MSIF097.tmp, command: C:\Program Files\Java\jre6\

    Log: 'Application' Date/Time: 17/03/2011 5.00:33am
    Type: Error Category: 0
    Event: 8194 Source: VSS
    Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {828bdb51-ec89-4fed-8c4b-4ca4734132a1}

    Log: 'Application' Date/Time: 16/03/2011 8.38:43am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 16/03/2011 8.38:43am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/03/2011 8.38:43am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/03/2011 8.38:43am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/03/2011 3.23:35am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 15/03/2011 9.45:02pm
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 14/03/2011 9.21:06pm
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    Log: 'Application' Date/Time: 14/03/2011 12.21:15pm
    Type: Error Category: 0
    Event: 100 Source: Microsoft Security Client Setup
    The event description cannot be found.

    Log: 'Application' Date/Time: 14/03/2011 12.03:19pm
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 14/03/2011 11.39:57am
    Type: Error Category: 0
    Event: 1 Source: TabletServiceWacom
    TabletService Error: Could not init tablet driver

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 30/03/2011 12.27:34pm
    Type: Error Category: 0
    Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
    A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

    Log: 'System' Date/Time: 30/03/2011 12.27:34pm
    Type: Error Category: 0
    Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
    A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

    Log: 'System' Date/Time: 30/03/2011 12.25:12pm
    Type: Error Category: 0
    Event: 7022 Source: Service Control Manager
    The KService service hung on starting.

    Log: 'System' Date/Time: 30/03/2011 12.23:43pm
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.

    Log: 'System' Date/Time: 30/03/2011 12.18:50pm
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {F40211E8-05C9-4430-B832-041A5ECD7FA2} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 25/03/2011 1.03:23am
    Type: Error Category: 0
    Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
    A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

    Log: 'System' Date/Time: 25/03/2011 1.03:23am
    Type: Error Category: 0
    Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
    A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

    Log: 'System' Date/Time: 25/03/2011 12.59:12am
    Type: Error Category: 0
    Event: 7022 Source: Service Control Manager
    The KService service hung on starting.

    Log: 'System' Date/Time: 25/03/2011 12.56:49am
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.

    Log: 'System' Date/Time: 25/03/2011 12.56:10am
    Type: Error Category: 0
    Event: 6008 Source: EventLog
    The previous system shutdown at 23:35:22 on 24/03/2011 was unexpected.

    Log: 'System' Date/Time: 23/03/2011 3.25:40am
    Type: Error Category: 0
    Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
    A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

    Log: 'System' Date/Time: 23/03/2011 3.25:40am
    Type: Error Category: 0
    Event: 14344 Source: Microsoft-Windows-WMPNSS-Service
    A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

    Log: 'System' Date/Time: 23/03/2011 3.23:30am
    Type: Error Category: 0
    Event: 7022 Source: Service Control Manager
    The KService service hung on starting.

    Log: 'System' Date/Time: 23/03/2011 3.22:13am
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The ghaio service failed to start due to the following error: ghaio is not a valid Win32 application.

    Log: 'System' Date/Time: 23/03/2011 3.19:49am
    Type: Error Category: 0
    Event: 11 Source: disk
    The driver detected a controller error on \Device\Harddisk0\DR0.

    Log: 'System' Date/Time: 23/03/2011 3.19:49am
    Type: Error Category: 0
    Event: 11 Source: disk
    The driver detected a controller error on \Device\Harddisk0\DR0.

    Log: 'System' Date/Time: 23/03/2011 3.19:49am
    Type: Error Category: 0
    Event: 11 Source: disk
    The driver detected a controller error on \Device\Harddisk0\DR0.

    Log: 'System' Date/Time: 23/03/2011 3.19:49am
    Type: Error Category: 0
    Event: 11 Source: disk
    The driver detected a controller error on \Device\Harddisk0\DR0.

    Log: 'System' Date/Time: 23/03/2011 3.19:49am
    Type: Error Category: 0
    Event: 11 Source: disk
    The driver detected a controller error on \Device\Harddisk0\DR0.

    Log: 'System' Date/Time: 23/03/2011 3.19:49am
    Type: Error Category: 0
    Event: 11 Source: disk
    The driver detected a controller error on \Device\Harddisk0\DR0.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you look at the clock when you got the message? What was the time? The date? There are 20 Error Events here. I'm trying to see if I can determine the cause of this Error:
    All of the Errors are time-coded.
     
  18. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    I'm afraid I can't remember. Thank you for your patience with my problems - perhaps if I run the program again?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding BLESSiNG.exe: This is cloaked malware and it's on a file you saved to the D Partition. It's on the Sibelius 5 software. IF you got the program on a torrent site, it most likely came from there. But now you have malware on the partition.

    Regarding the memory error: you got it when you tried to either download or run RootRepeal.
    I'd like you to try and run it again to force the Error so you can check the time. You are looking for an Error at that same time. I'm going to give you a shortcut:

    Click on Start> Run> type in eventvwr> enter> Click on both System & Apps, one at a time. Look for an Error, a clear circle with a red X on top of it for the same time you got the Error message. Double click that Error> click on Copy button> Paste it here. Check both the System and App logs.

    You can find screenshots of the Vista Event Viewer HERE. Once you have typed the text in Run, the Event Viewer will be displayed, so skip the 'launch' information and scroll down to the screenshots.

    After you have done that, please give me a recap of the 'general trouble' you are having.
     
  20. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    This time, rootrepeal crashed and left the following file on the desktop:

    ROOTREPEAL CRASH REPORT
    -------------------------
    Windows Version: Windows Vista SP2
    Exception Code: 0xc0000005
    Exception Address: 0x004cbf6b
    Attempt to read from address: 0x00000004


    I couldn't find any error in the event viewer that matched the time, which was stated in the name of the file thus: RootRepeal_crash_040411.111637
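Bobbye's instruction in posts 15 and 19 is to find the Error entry whose time matches the RootRepeal message, and xaetium's post 20 gives the only timestamp available, the one in the crash file's name. The following script, added here as a worked example and not part of the thread, parses VEW output in the layout shown in post 16, recovers the timestamp from a RootRepeal_crash_<date>.<hhmmss> file name, and lists Error/Critical events within a few minutes of it. The sample log lines are constructed (the 04/04/2011 record is invented; the other two mirror entries from the posted log), and the date part of the crash file name is assumed to be in mmddyy order, the same order OTM used for its log name in post 11.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of Vino's Event Viewer (VEW) output as posted
# in this thread. The first record (04/04/2011) is invented for the demo; the
# other two are shaped like entries from the posted log.
SAMPLE_VEW_LOG = r"""
Log: 'Application' Date/Time: 04/04/2011 11.17:02am
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application sample.exe, version 0.0.0.0 (constructed record for this example)

Log: 'Application' Date/Time: 30/03/2011 10.28:16pm
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application djview.exe, version 0.0.0.0, faulting module MSVCR100.dll

Log: 'System' Date/Time: 23/03/2011 3.19:49am
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk0\DR0.
""".strip()

# VEW prints dd/mm/yyyy and a 12-hour clock written as h.mm:ss followed by am/pm.
HEADER_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}\.\d{2}:\d{2}[ap]m)$"
)
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
# RootRepeal names its crash file RootRepeal_crash_<date>.<hhmmss>; the date part
# is ASSUMED here to be mmddyy, the same order OTM uses for its log names.
CRASH_RE = re.compile(r"RootRepeal_crash_(\d{6})\.(\d{6})")


def parse_vew_time(text):
    """Turn '30/03/2011 10.28:16pm' into a datetime."""
    return datetime.strptime(text.upper(), "%d/%m/%Y %I.%M:%S%p")


def parse_vew(text):
    """Parse VEW output into event dicts (log, time, type, event_id, source, message)."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"log": m["log"], "time": parse_vew_time(m["ts"]), "message": []}
            events.append(current)
            continue
        if current is None or not line:
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"] = m["type"]
            continue
        m = EVENT_RE.match(line)
        if m:
            current["event_id"] = int(m["id"])
            current["source"] = m["src"]
            continue
        current["message"].append(line)  # free-text description lines
    for event in events:
        event["message"] = " ".join(event["message"])
    return events


def crash_time_from_filename(name):
    """Recover the crash timestamp from a RootRepeal crash-report file name."""
    m = CRASH_RE.search(name)
    if not m:
        raise ValueError("not a RootRepeal crash report name: %r" % name)
    return datetime.strptime(m[1] + m[2], "%m%d%y%H%M%S")


def errors_near(events, when, window_minutes=5):
    """Error/Critical events whose timestamp lies within +/- window_minutes of `when`."""
    delta = timedelta(minutes=window_minutes)
    return [
        e for e in events
        if e.get("type") in ("Error", "Critical")
        and when - delta <= e["time"] <= when + delta
    ]


def errors_near_crash(vew_text, crash_filename, window_minutes=5):
    """Correlate a RootRepeal crash file name with the Error entries in a VEW log."""
    when = crash_time_from_filename(crash_filename)
    return errors_near(parse_vew(vew_text), when, window_minutes)


if __name__ == "__main__":
    for hit in errors_near_crash(SAMPLE_VEW_LOG, "RootRepeal_crash_040411.111637"):
        print(hit["time"], hit["log"], hit["event_id"], hit["source"], "-", hit["message"])
```

Widen `window_minutes` if the machine's clock and the crash file name disagree by more than a few minutes; with the thread's real log, an empty result is the expected outcome, since a user-mode access violation in RootRepeal is reported by Windows Error Reporting only if the process gets that far.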
     
  21. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    Oh, the general trouble now is simply that links on pages in browsers get redirected from search engine results elsewhere. Other than that, I detect no problems.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please update and run a new Malwarebytes scan.

    Follow with new Eset online virus scan:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  23. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6273

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    05/04/2011 4.22.01 pm
    mbam-log-2011-04-05 (16-22-01).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 377537
    Time elapsed: 4 hour(s), 31 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\_OTM\movedfiles\03192011_131930\c_program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\_OTM\movedfiles\03192011_131930\c_program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\_OTM\movedfiles\03192011_131930\C_Users\Paul\documents\downloads\cyberlink.powerdvd.deluxe.v8.0.1531 with keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\_OTM\movedfiles\03192011_131930\d_sibelius 5\BLESSiNG.exe (Trojan.Agent) -> Quarantined and deleted successfully.




    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=f00d883e7b8c5440a6c6c86da0101444
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-17 02:02:33
    # local_time=2011-03-17 02:02:33 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1032 16777214 0 1 298287 298287 0 0
    # compatibility_mode=5892 16776573 100 100 160189 137892683 0 0
    # compatibility_mode=8192 67108863 100 0 3950 3950 0 0
    # scanned=205552
    # found=4
    # cleaned=0
    # scan_time=10597
    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Paul\Documents\Downloads\CyberLink.PowerDVD.Deluxe.v8.0.1531 with keygen\keygen.exe probably a variant of Win32/TrojanDownloader.Agent.FDTXGPZ trojan (unable to clean) 00000000000000000000000000000000 I
    D:\Sibelius 5\BLESSiNG.exe probably a variant of Win32/Agent.JBLLXIL trojan (unable to clean) 00000000000000000000000000000000 I



    I note that ESET finished and reported no infections.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Mbam shows the previous removals in OTM> there is nothing new in the current Mbam log.

    The Eset log you posted is the original one: 2011-03-17 02:02:33. Please update Eset and run a new scan.

    It is possible that the Eset scan could find something that Mbam did not. The only way to be sure is to update and run a new scan.
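Bobbye's point in post 24 is twofold: the four Mbam hits are copies sitting in OTM's quarantine folder rather than new infections, and the ESET log carries a utc_time that predates the rescan request. The script below, an added example that is not from the thread or from either vendor, automates both checks over constructed samples shaped like the posted logs. It classifies Mbam "Files Infected" entries by whether their path lies under a known quarantine folder (c:\_OTM\movedfiles and C:\TDSSKiller_Quarantine, both named on this page), and it parses the ESET "# key=value" header to compare utc_time with the request date. The ESET detection lines are assumed to be tab-separated (path, verdict, hash, flag); the forum rendering collapsed the separators. The third Mbam line and the request date 2011-04-05 are invented for the demo.

```python
import re
from datetime import datetime

# Constructed excerpt in the layout of the Malwarebytes log posted in this thread:
# two entries copied from the posted log (OTM quarantine copies) plus one invented
# "live" detection so that the classifier has something to flag.
SAMPLE_MBAM_LOG = r"""
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\_OTM\movedfiles\03192011_131930\c_program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\03192011_131930\d_sibelius 5\BLESSiNG.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\users\paul\appdata\local\temp\sample_constructed.exe (Trojan.Agent) -> Quarantined and deleted successfully.
""".strip()

# Constructed excerpt in the layout of the ESET Online Scanner log posted in the
# thread. Detection lines are ASSUMED to be tab-separated: path, verdict, hash, flag.
SAMPLE_ESET_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# unwanted_checked=true",
    "# utc_time=2011-03-17 02:02:33",
    "# compatibility_mode=1032 16777214 0 1 298287 298287 0 0",
    "# scanned=205552",
    "# found=4",
    "# cleaned=0",
    "\t".join([r"C:\Program Files\Windows Live\Messenger\msimg32.dll",
               "Win32/Toolbar.MyWebSearch application (unable to clean)", "0" * 32, "I"]),
    "\t".join([r"D:\Sibelius 5\BLESSiNG.exe",
               "probably a variant of Win32/Agent.JBLLXIL trojan (unable to clean)", "0" * 32, "I"]),
])

MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Quarantine folders named on this page; a hit under one of these is an old removal.
QUARANTINE_PREFIXES = (r"c:\_otm\movedfiles", r"c:\_otmoveit\movedfiles",
                       r"c:\tdsskiller_quarantine")


def parse_mbam_files(text):
    """Return the entries listed under the 'Files Infected:' section of an Mbam log."""
    hits, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":
            in_files = True
            continue
        if not in_files or not line or line.startswith("("):
            continue
        m = MBAM_RE.match(line)
        if m:
            hits.append({"path": m["path"], "name": m["name"], "action": m["action"]})
    return hits


def split_mbam_hits(hits):
    """Separate genuinely new detections from copies already sitting in a quarantine folder."""
    new, requarantined = [], []
    for hit in hits:
        target = requarantined if hit["path"].lower().startswith(QUARANTINE_PREFIXES) else new
        target.append(hit)
    return new, requarantined


def parse_eset_log(text):
    """Split an ESET online-scanner log into its '# key=value' header and detection rows."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header.setdefault(key.strip(), value.strip())  # first value wins for repeated keys
        elif line.count("\t") >= 3:
            path, verdict, digest, flag = line.split("\t", 3)
            detections.append({"path": path, "verdict": verdict, "hash": digest, "flag": flag,
                               "unresolved": "(unable to clean)" in verdict})
    return header, detections


def eset_log_is_stale(header, requested_on):
    """True if the log's utc_time predates the date (YYYY-MM-DD) on which the rescan was asked for."""
    scanned = datetime.strptime(header["utc_time"], "%Y-%m-%d %H:%M:%S")
    return scanned < datetime.strptime(requested_on, "%Y-%m-%d")


def triage(mbam_text, eset_text, requested_on):
    """The two checks from post 24 in one report."""
    new, requarantined = split_mbam_hits(parse_mbam_files(mbam_text))
    header, detections = parse_eset_log(eset_text)
    return {
        "mbam_new": [h["path"] for h in new],
        "mbam_requarantined": len(requarantined),
        "eset_stale": eset_log_is_stale(header, requested_on),
        "eset_found": int(header.get("found", 0)),
        "eset_cleaned": int(header.get("cleaned", 0)),
        "eset_unresolved": [d["path"] for d in detections if d["unresolved"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAM_LOG, SAMPLE_ESET_LOG, "2011-04-05").items():
        print(key, ":", value)
```

A stale ESET log with `remove_checked=false` and `cleaned=0` is exactly what the thread shows: the scanner reported the same four files it could not clean on 17 March, so the helper's request for a fresh scan is the right call before concluding the machine is clean.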
     
  25. xaetium

    xaetium TS Rookie Topic Starter Posts: 18

    It doesn't seem to matter what I do in terms of downloading and updating the ESET - it just keeps finishing, reporting no problem and doesn't produce any more up-to-date log than the one previously submitted.
     
Topic Status:
Not open for further replies.
