[Not curable - Sality] Acer Aspire 4520 and lost user needs help

Not great with computers. Have an Acer Aspire laptop, AMD Athlon 64 X2 TK-55 1.8 GHz, running Windows Vista HP, 4 GB RAM, 120 GB HDD. Having problems with a virus or malware that I am currently unable to fix alone and unable to resolve with the programs on the computer now.


I have Microsoft firewall, Avira antivirus, Microsoft Security Essentials. Ran basic checks: Avira antivirus, Malwarebytes, GMER, DDS, and have logs. Any help would be ever so gratefully appreciated. I really don't know what to do so am following
(https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ , http://www.dslreports.com/faq/8428 )


mwbm log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

3/31/2012 7:30:09 PM
mbam-log-2012-03-31 (19-30-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205920
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


gmer log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-31 18:36:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9120822AS rev.3.ALD
Running: rto9612z.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwloapow.sys


---- System - GMER 1.0.15 ----

SSDT 9003E8C6 ZwCreateSection
SSDT 9003E8CB ZwSetContextThread
SSDT 9003E867 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 82EB0998 2 Bytes [C6, E8]
.text ntkrnlpa.exe!KeSetEvent + 218 82EB099B 1 Byte [90]
.text ntkrnlpa.exe!KeSetEvent + 56D 82EB0CF0 4 Bytes CALL A7939CF8
.text ntkrnlpa.exe!KeSetEvent + 621 82EB0DA4 4 Bytes CALL 881A9DAC
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F80B340, 0x3FA057, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1872] kernel32.dll!CreateThread + 1A 774DCB48 4 Bytes CALL 0044C909 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1872] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044CA60] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1872] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044CA60] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7450A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7453CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745@0022b478a70b 0xAC 0x6B 0xBE 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745@00210620ce1c 0xE8 0x7C 0x96 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745@0022b478a70b 0xAC 0x6B 0xBE 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745@00210620ce1c 0xE8 0x7C 0x96 0xBD ...

---- EOF - GMER 1.0.15 ----


dds logs
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Owner at 18:43:42 on 2012-03-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1786 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{2B665679-485A-4BC1-9114-6A3E985F55E8} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{487A9A4D-420B-4818-90C4-2801B2F60AB1} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{DB36F33E-5C8F-46F6-9C58-F07EAFB0D87F} : DhcpNameServer = 169.254.2.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\eooy1g4w.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z152&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z152&form=ZGAADF&install_date=20110913&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-21 15672]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-22 494424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-15 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-15 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-15 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-21 821592]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-4-21 6656]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-2-2 30600]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-2-12 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-12 33320]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2010-10-27 39632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-27 23936]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-3-10 20080]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-2-2 19792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-2-2 20336]
.
=============== Created Last 30 ================
.
2012-03-31 21:14:05 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-31 21:14:05 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-31 19:33:04 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3737ef47-c3ba-4b0d-a053-fc5aacda8b68}\mpengine.dll
2012-03-31 05:52:58 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd4ad4d-6ca7-4edd-92be-716513e7c27e}\offreg.dll
2012-03-31 01:51:31 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd4ad4d-6ca7-4edd-92be-716513e7c27e}\mpengine.dll
2012-03-31 01:28:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 23:19:58 -------- d-----w- c:\users\owner\appdata\local\temp
2012-03-30 23:18:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 23:04:15 98816 ----a-w- c:\windows\sed.exe
2012-03-30 23:04:15 518144 ----a-w- c:\windows\SWREG.exe
2012-03-30 23:04:15 256000 ----a-w- c:\windows\PEV.exe
2012-03-30 23:04:15 208896 ----a-w- c:\windows\MBR.exe
2012-03-30 23:04:10 -------- d-----w- C:\ComboFix
2012-03-29 21:56:51 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{287AD1D8-3668-40F0-9EAD-D391AC6B5ABF}-amcap.exe
2012-03-29 21:46:58 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{58309256-1DC9-41E9-8983-4EE732325202}-amcap.exe
2012-03-29 21:41:21 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{2B08A5D8-CB8E-4D39-9983-7FE2EEDB2BA7}-LicenseTool.exe
2012-03-29 21:26:57 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{07E2886F-E700-4A61-A895-0CE5E455ACF5}-LicenseTool.exe
2012-03-29 20:09:13 58368 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{69EBAE4C-A384-4235-B116-537A80C1B02E}-msmoney.exe
2012-03-29 20:09:11 39936 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{E4176D69-7D96-402B-BF21-63622E36A158}-mnywaba.exe
2012-03-29 20:09:10 8192 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{BAF5C105-D1FB-4338-8774-7982DA01F28E}-mnyimprt.exe
2012-03-29 20:09:10 1001984 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{01D21C10-A8CB-424E-B97E-9FBE2BBC707A}-mnyinst.exe
2012-03-29 20:09:09 10240 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{A6917E89-62A4-4DF7-A18A-2AB1621AF827}-mnybbsvc.exe
2012-03-29 20:09:07 139264 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{1FA64291-DBFF-4531-9A81-95036F93B9C6}-daupdate.exe
2012-03-29 20:09:06 132608 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{142832CB-252D-4D47-9CF3-811775857D57}-copymar.exe
2012-03-29 20:08:54 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{06E59350-901B-423C-9046-00B6D3781C61}-WindowBlinds602_enhanced -razorbite.exe
2012-03-29 20:08:43 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8D7AD46F-C335-4814-B37B-FC3AA6638D16}-WindowBlinds602_enhanced -razorbite.exe
2012-03-29 16:58:45 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{555738A0-A713-47E9-8FDE-F7810225F339}-amcap.exe
2012-03-29 16:58:05 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{51820DD5-EBD1-40EF-AF4D-1804B5AEF2A8}-LicenseTool.exe
2012-03-29 16:58:02 827392 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{DD70740B-3ABA-49E4-B9D7-7712BFF37372}-PixieTool.exe
2012-03-29 16:57:53 827392 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{7D1FAEF6-7E99-4D85-B884-712D17395C05}-PixieTool.exe
2012-03-28 18:09:36 94208 ----a-w- c:\windows\PLFSetL.exe
2012-03-28 18:09:36 35072 ----a-w- c:\windows\system32\drivers\x64\sncduvc.sys
2012-03-28 18:09:36 28032 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2012-03-28 18:09:36 1792128 ----a-w- c:\windows\system32\drivers\x64\snp2uvc.sys
2012-03-28 18:09:36 1749376 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2012-03-28 18:09:36 -------- d-----w- c:\windows\system32\drivers\x64
2012-03-28 18:09:36 -------- d-----w- c:\windows\SUYIN NB Cam
2012-03-28 18:09:32 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2012-03-28 18:09:32 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll
2012-03-28 18:09:31 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
2012-03-28 18:09:31 -------- d-----w- c:\program files\common files\snp2uvc
2012-03-28 17:52:09 -------- d-----w- c:\program files\SUYIN
2012-03-28 17:52:09 -------- d-----w- c:\program files\ACER Crystal Eye webcam
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 03:49:21 177152 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{337EFD86-3240-40A6-9266-A9DC38E0E41D}-A0045212.exe
2012-03-17 23:14:53 190976 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{AE496534-80EE-4CF1-879E-F749D10D2CA3}-SETUP.EXE
2012-03-17 23:14:52 62464 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{4BB8C434-5D9A-4D02-95E2-8BEB21B856FF}-autorun.exe
2012-03-17 23:14:52 190976 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{426EA8DC-DF83-4F51-B702-8303E1D5EB3A}-SETUP.EXE
2012-03-17 23:14:22 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{2589557E-C7CA-4805-B85A-184E504FE553}-WindowBlinds602_enhanced -razorbite.exe
2012-03-17 23:11:06 17281536 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8F14CB80-9E0A-4F5A-B4F6-68B358F2DCA1}-WindowBlinds601_vibes.exe
2012-03-17 18:54:10 -------- d-----w- c:\program files\iPod
2012-03-17 18:54:07 -------- d-----w- c:\program files\iTunes
2012-03-15 21:49:17 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 21:49:16 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 21:49:16 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 21:49:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 21:49:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 21:49:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 21:49:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-15 21:48:24 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-15 21:48:24 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-15 21:48:16 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 21:48:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 05:19:40 -------- d-----w- c:\users\owner\appdata\roaming\AVG8
2012-03-11 02:04:39 -------- d-----w- c:\program files\PeerBlock
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-02-23 17:47:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 23:58:45 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 23:58:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 23:58:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 23:58:25 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 23:56:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 18:44:08.73 ===============
and
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

You're not saying what your computer issues are.

I still need Attach.txt part of DDS.

You're running two AV programs, Avira and MSE.
One of them has to go.
Your choice.
 
more info...

Sorry, it should be there. I posted the entire thing cut into sections. I can see it in my posts under username but it's not in the thread?.....


Sorry in advance, but thank you so much for the help.

OK. I'm getting random lockups, white or pixelated screens, a notification of the w.sality.p ? virus, losing memory at a bad rate. I'm almost full: a 120 GB HDD shows 111/ and dropped from 20+ avail to less than ten in days and floats around 3-5 GB free. I can clean and scan and remove old restore/shadow copies and get 8-9 GB, but it's gone the next day and I'm worried. Don't want to botch it. I've scanned and updated,
but to no avail, yet.... But I remain optimistic. I have followed the 5 steps and am reading more, awaiting orders.


As for the condition: I bought a used laptop, 2 years old, a couple of years ago and haven't changed much since then. Just movies, pics, music, research. ... I do not want to let this crash. I have what I was recommended. If I should remove one of the programs I'd be glad to. Avira bothers me, Advanced SystemCare/IObit sucks, McAfee Security Scan Plus is a bore. Malwarebytes helped with a program before so I left it on. Microsoft Security Essentials seemed good and Windows Defender says it blocks things sometimes. I think I might even have a paid antivirus I was given, somewhere. I'm not very good at computers but I seem to bumble along. I think Microsoft updated and gave me some new scanner too. I'll be glad to resolve, but I'm not sure which files to keep and which is the better to have?
 

Attachments

  • Attach.txt
    163 KB · Views: 1
a notification of the w.sality.p ? virus

I'm afraid I have very bad news.

You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.
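
The backup rule in the reply above, written out as an added example (it is not part of the original post and not a tool the helper supplied): it copies a folder tree while skipping every extension on the reply's list. The extra check for an "MZ" executable header, the function names and the sample tree are assumptions made for illustration; the script applies the list and does not detect or clean an infection.

```python
import os
import shutil
import tempfile

# Extensions the reply says NOT to back up (copied from the post above).
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".htm", ".html", ".xml",
    ".zip", ".rar", ".doc", ".jpg", ".pdf",
}


def has_mz_header(path):
    """Assumption beyond the post: also skip files that start with the DOS/PE
    magic bytes 'MZ', i.e. executables stored under a harmless-looking name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable file: treat as suspect and do not copy it


def classify(path):
    """Return 'copy', 'skip-extension' or 'skip-executable-content'."""
    ext = os.path.splitext(path)[1].lower()  # case-insensitive: .DOC == .doc
    if ext in BLOCKED_EXTENSIONS:
        return "skip-extension"
    if has_mz_header(path):
        return "skip-executable-content"
    return "copy"


def plan_backup(source_root):
    """Walk source_root and sort every file into one of the three buckets.
    Paths are reported relative to source_root with '/' separators."""
    plan = {"copy": [], "skip-extension": [], "skip-executable-content": []}
    for dirpath, dirnames, filenames in os.walk(source_root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # never follow links out of the tree
            rel = os.path.relpath(full, source_root).replace(os.sep, "/")
            plan[classify(full)].append(rel)
    return plan


def run_backup(source_root, dest_root):
    """Copy only the 'copy' bucket to dest_root and return the full plan."""
    plan = plan_backup(source_root)
    for rel in plan["copy"]:
        parts = rel.split("/")
        target = os.path.join(dest_root, *parts)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        # copyfile copies the data only, not attributes or permissions
        shutil.copyfile(os.path.join(source_root, *parts), target)
    return plan


def build_sample_tree(root):
    """Constructed sample files (not taken from the poster's machine)."""
    files = {
        "notes/research.txt": b"plain text notes\n",
        "notes/todo.TXT": b"buy external drive\n",
        "pics/holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg stub",
        "docs/Report.DOC": b"\xd0\xcf\x11\xe0 constructed doc stub",
        "tools/setup.exe": b"MZ\x90\x00 constructed exe stub",
        "music/track.dat": b"MZ\x90\x00 executable content, harmless name",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        build_sample_tree(src)
        for bucket, paths in run_backup(src, dst).items():
            print(bucket, paths)
```

A text file that happens to begin with the letters "MZ" is also skipped; the check errs on the side of not copying.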
 
is there anything to do?

I have years' worth of pics and research, Notepad docs, text files, and some not backed up? Is there any way to disinfect, to be able to save the most important things? Even my backup HDD may have been connected at some point? Please.
 