TechSpot

Search links redirecting

By tig
Oct 22, 2010
    Hi there,

    When I run a Google search, the links it gives me usually redirect to other sites. Sometimes it's an ad site, other times another search engine like gomeo or scour, and pressing back doesn't do anything.

    I've followed the 8-step process; here are the logs:

    Malwarebytes (I ran this a few times last night too; a lot more infected items were found and deleted)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4901

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    22/10/2010 08:53:29
    mbam-log-2010-10-22 (08-53-29).txt

    Scan type: Quick scan
    Objects scanned: 142448
    Time elapsed: 9 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    GMER

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-22 11:41:36
    Windows 6.0.6002 Service Pack 2
    Running: hj6w5dmd.exe; Driver: C:\Users\Tig\AppData\Local\Temp\uxroikoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 883A46B8 ZwAlertResumeThread
    SSDT 87FC30F8 ZwAlertThread
    SSDT 8839FE90 ZwAllocateVirtualMemory
    SSDT 881E81F0 ZwConnectPort
    SSDT 883A4468 ZwCreateMutant
    SSDT 883E0520 ZwCreateThread
    SSDT 8839FCF0 ZwFreeVirtualMemory
    SSDT 883A4538 ZwImpersonateAnonymousToken
    SSDT 883A45F8 ZwImpersonateThread
    SSDT 883C7C80 ZwMapViewOfSection
    SSDT 883E0DC8 ZwOpenEvent
    SSDT 883E04E8 ZwOpenProcessToken
    SSDT 883C7228 ZwOpenThreadToken
    SSDT 883DC7B8 ZwResumeThread
    SSDT 883C7AB8 ZwSetContextThread
    SSDT 883C7AF0 ZwSetInformationProcess
    SSDT 883C70D0 ZwSetInformationThread
    SSDT 883E0D08 ZwSuspendProcess
    SSDT 87FC3200 ZwSuspendThread
    SSDT 86DE1488 ZwTerminateProcess
    SSDT 883C7050 ZwTerminateThread
    SSDT 883C7BC0 ZwUnmapViewOfSection
    SSDT 8839FDC0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 820FE880 8 Bytes [B8, 46, 3A, 88, F8, 30, FC, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 820FE894 4 Bytes [90, FE, 39, 88]
    .text ntkrnlpa.exe!KeSetEvent + 1C1 820FE924 4 Bytes [F0, 81, 1E, 88]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 820FE958 4 Bytes [68, 44, 3A, 88]
    .text ntkrnlpa.exe!KeSetEvent + 221 820FE984 4 Bytes [20, 05, 3E, 88]
    .text ...
    ? System32\drivers\lxgqj.sys The system cannot find the path specified. !
    C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0xAC5C6000]
    .clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0xAC5C7000, 0x1000, 0x00000000]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExW 77031305 5 Bytes JMP 6CF7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamW 770510B0 5 Bytes JMP 6CEA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamW 77052EF5 5 Bytes JMP 6D075027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamA 77068152 5 Bytes JMP 6D074FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamA 7706847D 5 Bytes JMP 6D07508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectA 7707D4D9 5 Bytes JMP 6D074F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectW 7707D5D3 5 Bytes JMP 6D074EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExA 7707D639 5 Bytes JMP 6D074E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExW 7707D65D 5 Bytes JMP 6D074E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetWindowsHookExW 770287AD 5 Bytes JMP 6CF79AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CallNextHookEx 77028E3B 5 Bytes JMP 6CF6D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!UnhookWindowsHookEx 770298DB 5 Bytes JMP 6CEE4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateWindowExW 77031305 5 Bytes JMP 6CF7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamW 770510B0 5 Bytes JMP 6CEA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamW 77052EF5 5 Bytes JMP 6D075027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamA 77068152 5 Bytes JMP 6D074FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamA 7706847D 5 Bytes JMP 6D07508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectA 7707D4D9 5 Bytes JMP 6D074F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectW 7707D5D3 5 Bytes JMP 6D074EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExA 7707D639 5 Bytes JMP 6D074E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExW 7707D65D 5 Bytes JMP 6D074E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!OleLoadFromStream 76971E80 5 Bytes JMP 6D07538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!CoCreateInstance 769A9F3E 5 Bytes JMP 6CF7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7419F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7419E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7419FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7419FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7422CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7419D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74196853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7419687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9fe5d45
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9fe5d45@001620cb3eb8 0xA2 0x00 0x7B 0x9C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9fe5d45 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9fe5d45@001620cb3eb8 0xA2 0x00 0x7B 0x9C ...

    ---- EOF - GMER 1.0.15 ----
    DDS.txt
    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Tig at 11:51:57.43 on 22/10/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.752 [GMT 1:00]

    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\Tig\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Tig\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Tig\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSEARCH PAGE = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.uk.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: {01b49d0d-ad45-461a-b95e-2f95de4834ad} - c:\windows\system32\atl32.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Acer Tour Reminder]
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Updater shortcut] c:\program files\t-mobile\web'n'walk manager\WTGU.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
    mRun: [Acer Tour]
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [eRecoveryService]
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [DataCardMonitor] c:\program files\t-mobile\web'n'walk manager\DataCardMonitor.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Skytel] Skytel.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
    StartupFolder: c:\users\tig\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tig\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\tig\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\dnshc32.dll

    ============= SERVICES / DRIVERS ===============

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090311.001\IDSvix86.sys [2009-3-17 270384]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-12-21 39408]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-21 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-21 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-21 60936]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-9 21504]
    S3 ptO2_bus;O2 Composite Device;c:\windows\system32\drivers\ptO2_bus.sys [2009-1-23 22144]
    S3 ptO2_flt;O2 USB Filter Service;c:\windows\system32\drivers\ptO2_flt.sys [2009-1-23 4608]
    S3 ptO2_mdm;O2 USB Modem;c:\windows\system32\drivers\ptO2_mdm.sys [2009-1-23 39808]
    S3 ptO2_prt;O2 Diagnostic Serial Port;c:\windows\system32\drivers\ptO2_prt.sys [2009-1-23 38528]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-12-31 1251720]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-22 02:27:31 -------- d-----w- c:\program files\Windows Portable Devices
    2010-10-22 02:09:20 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2010-10-22 02:09:19 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-10-22 02:09:19 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-10-22 02:07:21 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2010-10-22 02:05:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-10-22 02:05:10 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-10-22 02:05:10 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-10-21 21:45:16 -------- d-----w- c:\users\tig\appdata\roaming\Avira
    2010-10-21 21:39:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-21 21:39:00 -------- d-----w- c:\program files\Avira
    2010-10-21 21:39:00 -------- d-----w- c:\progra~2\Avira
    2010-10-21 19:32:38 -------- d-----w- c:\windows\system32\eu-ES
    2010-10-21 19:32:38 -------- d-----w- c:\windows\system32\ca-ES
    2010-10-21 19:32:35 -------- d-----w- c:\windows\system32\vi-VN
    2010-10-21 18:56:46 -------- d-----w- c:\windows\system32\EventProviders
    2010-10-21 18:54:59 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
    2010-10-21 18:53:59 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
    2010-10-21 17:27:37 -------- d-----w- c:\users\tig\Roaming
    2010-10-21 17:27:36 -------- d-----w- c:\progra~2\Roaming
    2010-10-21 17:26:24 -------- d-----w- c:\program files\Cisco
    2010-10-21 17:26:19 -------- d-----w- c:\program files\common files\Intel
    2010-10-21 17:20:22 -------- d-----w- c:\windows\system32\x64
    2010-10-21 17:12:07 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2010-10-21 17:00:52 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-21 17:00:52 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-21 17:00:52 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-21 17:00:52 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-21 17:00:52 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-21 16:56:59 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
    2010-10-21 16:56:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-10-21 16:56:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-21 16:55:01 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-21 16:54:47 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-21 16:54:47 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-21 16:54:46 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-21 16:54:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-21 16:54:46 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-21 16:54:37 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-10-21 16:54:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-21 16:54:33 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-21 16:54:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-21 16:54:17 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-21 16:54:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-21 16:53:58 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-10-21 16:53:32 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2010-10-21 16:53:24 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-21 16:53:24 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-21 16:53:20 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2010-10-21 16:53:17 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2010-10-21 16:53:15 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-21 16:53:14 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-21 16:53:11 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2010-10-21 16:53:08 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-21 16:53:06 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-10-21 16:53:03 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-21 16:52:59 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-21 16:52:58 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-21 16:51:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-10-21 16:51:48 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-21 16:51:46 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-10-21 16:51:36 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-10-21 16:51:00 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-21 16:48:04 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-10-21 16:47:15 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-10-21 16:47:15 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-10-21 16:47:09 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-21 16:47:09 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-10-21 16:47:06 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-10-21 16:46:56 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-10-21 16:08:09 -------- d-----w- C:\PerfLogs
    2010-10-21 12:16:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-21 10:49:54 -------- d-----w- c:\users\tig\appdata\roaming\Malwarebytes
    2010-10-21 10:49:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-21 10:48:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-21 10:48:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-21 10:48:59 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-20 23:15:33 372736 ----a-w- c:\windows\system32\atl32.dll
    2010-10-20 10:24:40 -------- d-----w- c:\users\tig\appdata\roaming\TP
    2010-10-20 10:05:31 0 ----a-w- c:\users\tig\appdata\roaming\3020.tmp
    2010-10-20 10:05:27 0 ----a-w- c:\users\tig\appdata\roaming\1EE0.tmp
    2010-10-19 07:09:57 0 ----a-w- c:\users\tig\appdata\roaming\1685.tmp
    2010-10-18 06:50:12 0 ----a-w- c:\users\tig\appdata\roaming\E318.tmp
    2010-10-18 06:50:12 0 ----a-w- c:\users\tig\appdata\roaming\E317.tmp
    2010-10-18 06:50:12 0 ----a-w- c:\users\tig\appdata\roaming\E306.tmp
    2010-10-17 09:55:12 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-16 18:15:22 -------- d-sh--w- C:\found.000
    2010-10-16 11:04:43 0 ----a-w- c:\users\tig\appdata\roaming\A032.tmp
    2010-10-16 11:04:42 0 ----a-w- c:\users\tig\appdata\roaming\9EE9.tmp
    2010-10-14 20:25:24 0 ----a-w- c:\users\tig\appdata\roaming\3AEB.tmp
    2010-10-12 11:38:28 0 ----a-w- c:\users\tig\appdata\roaming\894C.tmp
    2010-10-12 11:38:27 0 ----a-w- c:\users\tig\appdata\roaming\87A6.tmp
    2010-10-12 11:38:27 0 ----a-w- c:\users\tig\appdata\roaming\8583.tmp
    2010-10-10 12:14:43 0 ----a-w- c:\users\tig\appdata\roaming\FE60.tmp
    2010-10-10 12:14:43 0 ----a-w- c:\users\tig\appdata\roaming\FE4F.tmp
    2010-10-01 18:55:01 0 ----a-w- c:\users\tig\appdata\roaming\4C07.tmp
    2010-09-30 15:18:11 0 ----a-w- c:\users\tig\appdata\roaming\D48B.tmp
    2010-09-30 15:18:11 0 ----a-w- c:\users\tig\appdata\roaming\D48A.tmp
    2010-09-30 15:18:11 0 ----a-w- c:\users\tig\appdata\roaming\D489.tmp
    2010-09-27 19:28:51 0 ----a-w- c:\users\tig\appdata\local\Akimikere.bin
    2010-09-27 17:27:22 -------- d-----w- c:\users\tig\appdata\local\{5AF54713-B6C6-42E0-A802-0AAFE6F1C9D1}

    ==================== Find3M ====================

    2010-10-21 15:26:57 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2010-10-21 15:26:53 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2010-09-17 21:17:04 0 ----a-w- c:\users\tig\appdata\roaming\1BE3.tmp
    2010-09-17 21:17:04 0 ----a-w- c:\users\tig\appdata\roaming\1BE2.tmp
    2010-09-17 21:17:02 0 ----a-w- c:\users\tig\appdata\roaming\13D6.tmp
    2010-09-15 15:06:28 1142272 --sha-w- c:\users\tig\appdata\roaming\ECB7.tmp
    2010-09-14 10:58:21 1142272 --sha-w- c:\users\tig\appdata\roaming\DBF3.tmp
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-08-24 15:13:16 0 ----a-w- c:\users\tig\appdata\roaming\5E5A.tmp
    2010-08-13 07:53:22 0 ----a-w- c:\users\tig\appdata\roaming\B668.tmp
    2010-08-04 12:26:18 0 ----a-w- c:\users\tig\appdata\roaming\C4A8.tmp
    2010-08-04 09:54:58 0 ----a-w- c:\users\tig\appdata\roaming\3377.tmp
    2010-08-03 12:50:28 0 ----a-w- c:\users\tig\appdata\roaming\8504.tmp
    2010-07-31 09:31:08 0 ----a-w- c:\users\tig\appdata\roaming\EDBF.tmp
    2010-07-31 09:31:08 0 ----a-w- c:\users\tig\appdata\roaming\EDBE.tmp

    ============= FINISH: 11:52:38.11 ===============



    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/12/2007 02:42:20
    System Uptime: 22/10/2010 08:54:46 (3 hours ago)

    Motherboard: Acer | | Calado
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 66.594 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 111.296 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&28AF476&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&28AF476&0&00E0
    Service: b57nd60x

    ==== System Restore Points ===================

    RP221: 21/10/2010 16:13:37 - Windows Vista Service Pack 1
    RP222: 21/10/2010 17:58:15 - Windows Update
    RP223: 21/10/2010 19:20:36 - Windows Update
    RP224: 21/10/2010 19:56:06 - Windows Update
    RP225: 22/10/2010 03:00:18 - Windows Update

    ==== Installed Programs ======================

    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.0
    Agere Systems HDA Modem
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AV
    Avira AntiVir Personal - Free Antivirus
    Big Kahuna Reef 2
    Bonjour
    Bricks of Egypt
    Broadcom Gigabit Integrated Controller
    Brother MFL-Pro Suite DCP-197C
    ccCommon
    Dropbox
    Dynasty
    Galapago
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) PROSet/Wireless WiFi Software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Quest Solitaire
    Launch Manager
    LightScribe 1.4.142.1
    LimeWire 5.4.6
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Luxor 2
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSRedist
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Prime Suspects
    Mystery Case Files Ravenhearst
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    O2 Cocoon Driver
    OGA Notifier 2.0.0048.0
    Orion
    PaperPort Image Printer
    PC Suite
    PowerProducer 3.72
    Presto! ImageFolio 4
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    ScanSoft PaperPort 11
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sony Ericsson Device Data
    Sony Ericsson Drivers
    Sony Ericsson PC Suite
    Sony Ericsson W800 Software
    SPBBC 32bit
    Symantec Real Time Storage Protection Component
    SymNet
    Synaptics Pointing Device Driver
    Treasures of the Deep
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    web'n'walk Manager
    WIDCOMM Bluetooth Software 6.0.1.3900
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Yahoo! Toolbar
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    22/10/2010 08:55:53, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    21/10/2010 22:39:36, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    21/10/2010 22:25:48, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/10/2010 22:25:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    21/10/2010 18:42:20, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

    ==== End Of File ===========================


    Hope that's okay,
    Any help or advice would be great!
    Thanks!

    Tig
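As an added example that is not part of the thread (and not code from DDS, GMER or the TechSpot helper), here is a small Python triage script for the DDS file listing format shown in the log above. The parser follows the line layout visible in the posted log (`timestamp size attrs path`, with `--------` as the size of a directory and an 8-character attribute field such as `--sha-w-`); the sample lines are copied from the log, and the scoring rules are my own heuristics, i.e. assumptions about what is worth a second look, not anything DDS or the helper prescribes.

```python
"""Triage a DDS-style file listing (the recently-created / "Find3M" blocks).

Added example, not part of the TechSpot thread. The line format and the sample
lines are taken from the DDS log posted above; the scoring rules are the
author's own heuristics (assumptions), not DDS behaviour or a malware verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# DDS listing line:  YYYY-MM-DD HH:MM:SS  SIZE  ATTRS  PATH
#   SIZE  = byte count, or "--------" for a directory
#   ATTRS = 8 chars drawn from d(ir) r(ead-only) s(ystem) h(idden) a(rchive) w(ritable) and "-"
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-drshaw]{8})\s+(\S.*?)\s*$"
)
IN_PROFILE = re.compile(r"^[a-z]:\\users\\", re.I)
# A file sitting directly in AppData\Roaming or AppData\Local rather than in an app's own subfolder.
APPDATA_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local)\\[^\\]+$", re.I)
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".com", ".pif")

# Constructed sample: six lines copied verbatim from the DDS log in the thread.
SAMPLE_LISTING = r"""
    2010-10-21 18:53:59 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
    2010-10-16 18:15:22 -------- d-sh--w- C:\found.000
    2010-10-12 11:38:28 0 ----a-w- c:\users\tig\appdata\roaming\894C.tmp
    2010-09-15 15:06:28 1142272 --sha-w- c:\users\tig\appdata\roaming\ECB7.tmp
    2010-09-27 19:28:51 0 ----a-w- c:\users\tig\appdata\local\Akimikere.bin
    2010-09-27 17:27:22 -------- d-----w- c:\users\tig\appdata\local\{5AF54713-B6C6-42E0-A802-0AAFE6F1C9D1}
"""


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]      # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


@dataclass
class Finding:
    path: str
    score: int
    reasons: List[str] = field(default_factory=list)


def parse_dds_listing(text: str) -> List[Entry]:
    """One Entry per listing line; headers, blanks and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(ts, None if size.startswith("-") else int(size), attrs, path))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Rank entries by heuristic score (assumptions, not verdicts); highest first."""
    findings = []
    for e in entries:
        p = e.path
        f = Finding(p, 0)
        in_profile = bool(IN_PROFILE.match(p))
        if not e.is_dir and e.hidden_system and in_profile:
            # hidden+system is what Windows uses for its own files; a user-profile file
            # carrying both is invisible in Explorer's default view.
            f.score += 3
            f.reasons.append("hidden+system file in user profile")
        if not e.is_dir and in_profile and p.lower().endswith(EXEC_EXT):
            f.score += 2
            f.reasons.append("executable-type file in user profile")
        if not e.is_dir and APPDATA_ROOT.match(p):
            f.score += 1
            f.reasons.append("file placed directly in AppData root (apps normally use a subfolder)")
        if e.is_dir and in_profile and GUID_DIR.search(p):
            f.score += 1
            f.reasons.append("GUID-named directory in profile (check contents)")
        if f.reasons:
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


if __name__ == "__main__":
    for fnd in triage(parse_dds_listing(SAMPLE_LISTING)):
        print(f"[{fnd.score}] {fnd.path}: {'; '.join(fnd.reasons)}")
```

Run against the full log this ranks the two 1,142,272-byte `--sha-w-` `.tmp` files in `appdata\roaming` at the top, followed by the zero-byte `.tmp` files and `Akimikere.bin` sitting directly in the AppData roots; `C:\found.000` (chkdsk output) and the `system32` entries score nothing. These are leads to verify by hashing, signature check and a scanner upload, not verdicts, and the helper's instruction not to run other cleaners mid-investigation still applies.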
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Nice job with the logs- thank you.

    Let's see if we can identify the Worms that are crawling around in the system:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Important! Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. tig

    tig TS Rookie Topic Starter

    Hello :)

    Thanks for the advice... although, I think I may have done something wrong... :/

    I followed the steps you gave me, the scanner showed something like 320 threats!

    But the log.txt file only shows the following -

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK




    Should I run it again? There's lots more files in the ESET program files folder, but none appear to be logs.

    Thanks!
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're running both Avira and Norton Antivirus. Please remove one of them. Here are tools to help:
    Norton Removal Tool
    To uninstall Avira:
    • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
    • Wait for the list of installed programs to load, then click the name of the Avira program.
    • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
    • Press Yes, to confirm the removal and then OK.
    • Click Next until Finish. The software is removed.
    Please reboot the computer when through.
    ====================================
    Search for: C:\Program Files\EsetOnlineScanner\log.txt.

    If you can't find it, try running the scan again. If it still fails to produce a log, run this instead:

    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    ======================================
    Please follow with download of ComboFix from Here and save to your Desktop.

    1. Do NOT rename Combofix unless instructed.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If Combofix asks you to install Recovery Console, please allow it.
    6. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    =================================================
    Note: If you did not run TFC, please run it before running Combofix. There are quite a few tmp files and TFC should remove at least some of them.
     
  5. tig

    tig TS Rookie Topic Starter

    Hi there,

    Thanks for this.

    Quick question... I downloaded Avira because I didn't realise I had Norton.
    I think it needs updating, do you have to pay for Norton? In which case I'll remove it and keep Avira.

    Sorry I'm such a doofus!!

    tig
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Norton requires a paid subscription. Both Avast and Avira are free. If you decide not to keep Norton, please make sure Avira is currently updated and then use this tool to remove Norton:

    Download the removal tool first, but don't run yet> save to desktop.
    Norton Removal Tool

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Then run the Norton Removal Tool.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thread closed due to inactivity.
     