Inactive Search links re-directing

Hi there,

When I run a Google search, the links it gives me usually redirect to other sites. Sometimes it'll be an ad site, other times another search engine like gomeo or scour. And pressing back doesn't do anything.

I've followed the 8-step process; here are the logs:

Malwarebytes (I ran this a few times last night too; a lot more infected items were found and deleted)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4901

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

22/10/2010 08:53:29
mbam-log-2010-10-22 (08-53-29).txt

Scan type: Quick scan
Objects scanned: 142448
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

GMER

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-22 11:41:36
Windows 6.0.6002 Service Pack 2
Running: hj6w5dmd.exe; Driver: C:\Users\Tig\AppData\Local\Temp\uxroikoc.sys


---- System - GMER 1.0.15 ----

SSDT 883A46B8 ZwAlertResumeThread
SSDT 87FC30F8 ZwAlertThread
SSDT 8839FE90 ZwAllocateVirtualMemory
SSDT 881E81F0 ZwConnectPort
SSDT 883A4468 ZwCreateMutant
SSDT 883E0520 ZwCreateThread
SSDT 8839FCF0 ZwFreeVirtualMemory
SSDT 883A4538 ZwImpersonateAnonymousToken
SSDT 883A45F8 ZwImpersonateThread
SSDT 883C7C80 ZwMapViewOfSection
SSDT 883E0DC8 ZwOpenEvent
SSDT 883E04E8 ZwOpenProcessToken
SSDT 883C7228 ZwOpenThreadToken
SSDT 883DC7B8 ZwResumeThread
SSDT 883C7AB8 ZwSetContextThread
SSDT 883C7AF0 ZwSetInformationProcess
SSDT 883C70D0 ZwSetInformationThread
SSDT 883E0D08 ZwSuspendProcess
SSDT 87FC3200 ZwSuspendThread
SSDT 86DE1488 ZwTerminateProcess
SSDT 883C7050 ZwTerminateThread
SSDT 883C7BC0 ZwUnmapViewOfSection
SSDT 8839FDC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820FE880 8 Bytes [B8, 46, 3A, 88, F8, 30, FC, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820FE894 4 Bytes [90, FE, 39, 88]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820FE924 4 Bytes [F0, 81, 1E, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820FE958 4 Bytes [68, 44, 3A, 88]
.text ntkrnlpa.exe!KeSetEvent + 221 820FE984 4 Bytes [20, 05, 3E, 88]
.text ...
? System32\drivers\lxgqj.sys The system cannot find the path specified. !
C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0xAC5C6000]
.clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0xAC5C7000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExW 77031305 5 Bytes JMP 6CF7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamW 770510B0 5 Bytes JMP 6CEA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamW 77052EF5 5 Bytes JMP 6D075027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamA 77068152 5 Bytes JMP 6D074FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamA 7706847D 5 Bytes JMP 6D07508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectA 7707D4D9 5 Bytes JMP 6D074F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectW 7707D5D3 5 Bytes JMP 6D074EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExA 7707D639 5 Bytes JMP 6D074E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExW 7707D65D 5 Bytes JMP 6D074E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetWindowsHookExW 770287AD 5 Bytes JMP 6CF79AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CallNextHookEx 77028E3B 5 Bytes JMP 6CF6D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!UnhookWindowsHookEx 770298DB 5 Bytes JMP 6CEE4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateWindowExW 77031305 5 Bytes JMP 6CF7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamW 770510B0 5 Bytes JMP 6CEA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamW 77052EF5 5 Bytes JMP 6D075027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamA 77068152 5 Bytes JMP 6D074FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamA 7706847D 5 Bytes JMP 6D07508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectA 7707D4D9 5 Bytes JMP 6D074F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectW 7707D5D3 5 Bytes JMP 6D074EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExA 7707D639 5 Bytes JMP 6D074E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExW 7707D65D 5 Bytes JMP 6D074E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!OleLoadFromStream 76971E80 5 Bytes JMP 6D07538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!CoCreateInstance 769A9F3E 5 Bytes JMP 6CF7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7419F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7419E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7419FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7419FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7422CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7419D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74196853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7419687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9fe5d45
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9fe5d45@001620cb3eb8 0xA2 0x00 0x7B 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9fe5d45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9fe5d45@001620cb3eb8 0xA2 0x00 0x7B 0x9C ...

---- EOF - GMER 1.0.15 ----

DDS.txt

DDS (Ver_10-10-21.02) - NTFSx86
Run by Tig at 11:51:57.43 on 22/10/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.752 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Tig\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Tig\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tig\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSEARCH PAGE = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {01b49d0d-ad45-461a-b95e-2f95de4834ad} - c:\windows\system32\atl32.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Acer Tour Reminder]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Updater shortcut] c:\program files\t-mobile\web'n'walk manager\WTGU.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acer Tour]
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [DataCardMonitor] c:\program files\t-mobile\web'n'walk manager\DataCardMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\users\tig\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tig\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\tig\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\dnshc32.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090311.001\IDSvix86.sys [2009-3-17 270384]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-12-21 39408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-21 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-21 60936]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-9 21504]
S3 ptO2_bus;O2 Composite Device;c:\windows\system32\drivers\ptO2_bus.sys [2009-1-23 22144]
S3 ptO2_flt;O2 USB Filter Service;c:\windows\system32\drivers\ptO2_flt.sys [2009-1-23 4608]
S3 ptO2_mdm;O2 USB Modem;c:\windows\system32\drivers\ptO2_mdm.sys [2009-1-23 39808]
S3 ptO2_prt;O2 Diagnostic Serial Port;c:\windows\system32\drivers\ptO2_prt.sys [2009-1-23 38528]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-12-31 1251720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-22 02:27:31 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-22 02:09:20 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-22 02:09:19 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-22 02:09:19 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-22 02:07:21 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-10-22 02:05:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-22 02:05:10 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-22 02:05:10 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-21 21:45:16 -------- d-----w- c:\users\tig\appdata\roaming\Avira
2010-10-21 21:39:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-21 21:39:00 -------- d-----w- c:\program files\Avira
2010-10-21 21:39:00 -------- d-----w- c:\progra~2\Avira
2010-10-21 19:32:38 -------- d-----w- c:\windows\system32\eu-ES
2010-10-21 19:32:38 -------- d-----w- c:\windows\system32\ca-ES
2010-10-21 19:32:35 -------- d-----w- c:\windows\system32\vi-VN
2010-10-21 18:56:46 -------- d-----w- c:\windows\system32\EventProviders
2010-10-21 18:54:59 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-10-21 18:53:59 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-10-21 17:27:37 -------- d-----w- c:\users\tig\Roaming
2010-10-21 17:27:36 -------- d-----w- c:\progra~2\Roaming
2010-10-21 17:26:24 -------- d-----w- c:\program files\Cisco
2010-10-21 17:26:19 -------- d-----w- c:\program files\common files\Intel
2010-10-21 17:20:22 -------- d-----w- c:\windows\system32\x64
2010-10-21 17:12:07 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-10-21 17:00:52 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-21 17:00:52 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-21 17:00:52 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-21 17:00:52 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-21 17:00:52 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-21 16:56:59 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2010-10-21 16:56:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-10-21 16:56:59 385024 ----a-w- c:\windows\system32\html.iec
2010-10-21 16:55:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-21 16:54:47 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-21 16:54:47 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-21 16:54:46 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-21 16:54:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-21 16:54:46 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-21 16:54:37 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-21 16:54:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-21 16:54:33 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-21 16:54:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-21 16:54:17 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-21 16:54:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-21 16:53:58 502272 ----a-w- c:\windows\system32\usp10.dll
2010-10-21 16:53:32 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-10-21 16:53:24 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-21 16:53:24 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-21 16:53:20 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-10-21 16:53:17 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-10-21 16:53:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 16:53:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-21 16:53:11 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2010-10-21 16:53:08 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-21 16:53:06 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-21 16:53:03 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-21 16:52:59 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-21 16:52:58 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-21 16:51:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-10-21 16:51:48 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-21 16:51:46 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-21 16:51:36 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-10-21 16:51:00 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-21 16:48:04 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-21 16:47:15 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-21 16:47:15 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-21 16:47:09 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-21 16:47:09 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-10-21 16:47:06 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-21 16:46:56 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-21 16:08:09 -------- d-----w- C:\PerfLogs
2010-10-21 12:16:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 10:49:54 -------- d-----w- c:\users\tig\appdata\roaming\Malwarebytes
2010-10-21 10:49:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 10:48:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-21 10:48:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 10:48:59 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-20 23:15:33 372736 ----a-w- c:\windows\system32\atl32.dll
2010-10-20 10:24:40 -------- d-----w- c:\users\tig\appdata\roaming\TP
2010-10-20 10:05:31 0 ----a-w- c:\users\tig\appdata\roaming\3020.tmp
2010-10-20 10:05:27 0 ----a-w- c:\users\tig\appdata\roaming\1EE0.tmp
2010-10-19 07:09:57 0 ----a-w- c:\users\tig\appdata\roaming\1685.tmp
2010-10-18 06:50:12 0 ----a-w- c:\users\tig\appdata\roaming\E318.tmp
2010-10-18 06:50:12 0 ----a-w- c:\users\tig\appdata\roaming\E317.tmp
2010-10-18 06:50:12 0 ----a-w- c:\users\tig\appdata\roaming\E306.tmp
2010-10-17 09:55:12 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-16 18:15:22 -------- d-sh--w- C:\found.000
2010-10-16 11:04:43 0 ----a-w- c:\users\tig\appdata\roaming\A032.tmp
2010-10-16 11:04:42 0 ----a-w- c:\users\tig\appdata\roaming\9EE9.tmp
2010-10-14 20:25:24 0 ----a-w- c:\users\tig\appdata\roaming\3AEB.tmp
2010-10-12 11:38:28 0 ----a-w- c:\users\tig\appdata\roaming\894C.tmp
2010-10-12 11:38:27 0 ----a-w- c:\users\tig\appdata\roaming\87A6.tmp
2010-10-12 11:38:27 0 ----a-w- c:\users\tig\appdata\roaming\8583.tmp
2010-10-10 12:14:43 0 ----a-w- c:\users\tig\appdata\roaming\FE60.tmp
2010-10-10 12:14:43 0 ----a-w- c:\users\tig\appdata\roaming\FE4F.tmp
2010-10-01 18:55:01 0 ----a-w- c:\users\tig\appdata\roaming\4C07.tmp
2010-09-30 15:18:11 0 ----a-w- c:\users\tig\appdata\roaming\D48B.tmp
2010-09-30 15:18:11 0 ----a-w- c:\users\tig\appdata\roaming\D48A.tmp
2010-09-30 15:18:11 0 ----a-w- c:\users\tig\appdata\roaming\D489.tmp
2010-09-27 19:28:51 0 ----a-w- c:\users\tig\appdata\local\Akimikere.bin
2010-09-27 17:27:22 -------- d-----w- c:\users\tig\appdata\local\{5AF54713-B6C6-42E0-A802-0AAFE6F1C9D1}

==================== Find3M ====================

2010-10-21 15:26:57 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-21 15:26:53 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-17 21:17:04 0 ----a-w- c:\users\tig\appdata\roaming\1BE3.tmp
2010-09-17 21:17:04 0 ----a-w- c:\users\tig\appdata\roaming\1BE2.tmp
2010-09-17 21:17:02 0 ----a-w- c:\users\tig\appdata\roaming\13D6.tmp
2010-09-15 15:06:28 1142272 --sha-w- c:\users\tig\appdata\roaming\ECB7.tmp
2010-09-14 10:58:21 1142272 --sha-w- c:\users\tig\appdata\roaming\DBF3.tmp
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-24 15:13:16 0 ----a-w- c:\users\tig\appdata\roaming\5E5A.tmp
2010-08-13 07:53:22 0 ----a-w- c:\users\tig\appdata\roaming\B668.tmp
2010-08-04 12:26:18 0 ----a-w- c:\users\tig\appdata\roaming\C4A8.tmp
2010-08-04 09:54:58 0 ----a-w- c:\users\tig\appdata\roaming\3377.tmp
2010-08-03 12:50:28 0 ----a-w- c:\users\tig\appdata\roaming\8504.tmp
2010-07-31 09:31:08 0 ----a-w- c:\users\tig\appdata\roaming\EDBF.tmp
2010-07-31 09:31:08 0 ----a-w- c:\users\tig\appdata\roaming\EDBE.tmp

============= FINISH: 11:52:38.11 ===============



Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/12/2007 02:42:20
System Uptime: 22/10/2010 08:54:46 (3 hours ago)

Motherboard: Acer | | Calado
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 66.594 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 111.296 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&28AF476&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&28AF476&0&00E0
Service: b57nd60x

==== System Restore Points ===================

RP221: 21/10/2010 16:13:37 - Windows Vista Service Pack 1
RP222: 21/10/2010 17:58:15 - Windows Update
RP223: 21/10/2010 19:20:36 - Windows Update
RP224: 21/10/2010 19:56:06 - Windows Update
RP225: 22/10/2010 03:00:18 - Windows Update

==== Installed Programs ======================

Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Agere Systems HDA Modem
AppCore
Apple Mobile Device Support
Apple Software Update
µTorrent
AV
Avira AntiVir Personal - Free Antivirus
Big Kahuna Reef 2
Bonjour
Bricks of Egypt
Broadcom Gigabit Integrated Controller
Brother MFL-Pro Suite DCP-197C
ccCommon
Dropbox
Dynasty
Galapago
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Solitaire
Launch Manager
LightScribe 1.4.142.1
LimeWire 5.4.6
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
O2 Cocoon Driver
OGA Notifier 2.0.0048.0
Orion
PaperPort Image Printer
PC Suite
PowerProducer 3.72
Presto! ImageFolio 4
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson W800 Software
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Treasures of the Deep
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
web'n'walk Manager
WIDCOMM Bluetooth Software 6.0.1.3900
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Yahoo! Toolbar
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

22/10/2010 08:55:53, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
21/10/2010 22:39:36, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
21/10/2010 22:25:48, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/10/2010 22:25:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
21/10/2010 18:42:20, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

==== End Of File ===========================


Hope that's okay,
Any help or advice would be great!
Thanks!

Tig
 
Nice job with the logs- thank you.

Let's see if we can identify the Worms that are crawling around in the system:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Important! Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Hello :)

Thanks for the advice... although, I think I may have done something wrong... :/

I followed the steps you gave me, the scanner showed something like 320 threats!

But the log.txt file only shows the following -

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Should I run it again? There's lots more files in the ESET program files folder, but none appear to be logs.

Thanks!
 
You're running both Avira and Norton Antivirus. Please remove one of them. Here are tools to help:
Norton Removal Tool
To uninstall Avira:
  • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
  • Wait for the list of installed programs to load, then click the name of the Avira program.
  • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
  • Press Yes, to confirm the removal and then OK.
  • Click Next until Finish. The software is removed.
Please reboot the computer when through.
====================================
Search for: C:\Program Files\EsetOnlineScanner\log.txt.

If you can't find it, try running the scan again. If it still fails to produce a log, run this instead:

Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
======================================
Please follow with download of ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
=================================================
Note: If you did not run TFC, please run it before running Combofix. There are quite a few tmp files and TFC should remove at least some of them.
 
Hi there,

Thanks for this.

Quick question... I downloaded Avira because I didn't realise I had Norton.
I think it needs updating, do you have to pay for Norton? In which case I'll remove it and keep Avira.

Sorry I'm such a doofus!!

tig
 
Norton requires a paid subscription. Both Avast and Avira are free. If you decide not to keep Norton, please make sure Avira is currently updated and then use this tool to remove Norton:

Download the removal tool first, but don't run yet> save to desktop.
Norton Removal Tool

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Then run the Norton Removal Tool.
 