
Inactive [InActive] Another Google Redirect Problem

Discussion in 'Malware and Virus Removal Archive' started by Bmwm3evo, 2009/12/13.

  1. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    Joined:
    2009/12/13
    Messages:
    16
    Likes Received:
    0
    Hi all, I've tried MalwareBytes, SAS, and another program, scanned with the McAfee this computer came with, then installed Avira and all have brought up something and "Successfully" removed the problem. About 5 minutes later it will come back and redirect my Google searches.

    I've tried disabling System Restore and removing them as I've read this works, but to no avail.

    I'm using Windows 7 Starter and Google Chrome, if that matters?

    I've downloaded HJT and have the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:26:47, on 13/12/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Acer\Acer VCM\Vc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\explorer.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...93ww65w67266274
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...93ww65w67266274
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...93ww65w67266274
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...93ww65w67266274
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe "
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon= "hidden "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

    --
    End of file - 10889 bytes

    Thanks for any help :D

    I'll add the DDS logs in now :)
     
  2. 2009/12/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    It is the DDS logs that our malware experts require - HJT is no longer sufficient.

    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible.
     

  4. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    Joined:
    2009/12/13
    Messages:
    16
    Likes Received:
    0
    Thanks for the quick reply, I couldn't find my post so I couldn't reply with the logs :D.

    Here they are:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Chris at 17:10:42.51 on 13/12/2009
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1012.281 [GMT 0:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Stardock\MyColors\VistaSrv.exe
    C:\Program Files\Stardock\MyColors\WBVista.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Acer\Registration\GregHSRW.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Acer\Acer VCM\Vc.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Chris\Desktop\dds (1).scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe "
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon= "hidden "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-21 727584]
    R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-6-4 1150496]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-8-6 311592]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-8-21 253952]
    R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-8-21 240160]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-21 119256]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-8-28 17408]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-21 167424]
    S4 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2009-8-21 332272]

    =============== Created Last 30 ================

    2009-12-13 04:06:31 0 d-----w- c:\programdata\Yahoo! Companion
    2009-12-13 04:06:26 0 d-----w- c:\program files\Yahoo!
    2009-12-13 03:52:27 0 d-----w- c:\users\chris\appdata\roaming\CheckPoint
    2009-12-13 03:52:14 0 d-----w- c:\program files\CheckPoint
    2009-12-13 03:51:55 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-12-13 03:51:37 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2009-12-13 03:51:37 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2009-12-13 03:51:37 0 d-----w- c:\windows\system32\ZoneLabs
    2009-12-13 03:51:35 0 d-----w- c:\program files\Zone Labs
    2009-12-13 03:51:02 0 d-----w- c:\programdata\CheckPoint
    2009-12-13 03:51:01 0 d-----w- c:\windows\Internet Logs
    2009-12-13 03:09:08 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-13 02:54:51 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-13 02:51:55 0 d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
    2009-12-13 02:51:55 0 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-13 02:50:05 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2009-12-12 18:29:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-12 18:29:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-12 17:09:26 65536 --sha-w- c:\users\chris\ntuser.dat{574c5a1a-e627-11de-9bbd-00269e21da2a}.TM.blf
    2009-12-12 17:09:26 524288 --sha-w- c:\users\chris\ntuser.dat{574c5a1a-e627-11de-9bbd-00269e21da2a}.TMContainer00000000000000000002.regtrans-ms
    2009-12-12 17:09:26 524288 --sha-w- c:\users\chris\ntuser.dat{574c5a1a-e627-11de-9bbd-00269e21da2a}.TMContainer00000000000000000001.regtrans-ms
    2009-12-11 07:08:25 0 d-----w- c:\users\chris\appdata\roaming\Malwarebytes
    2009-12-11 07:08:02 0 d-----w- c:\programdata\Malwarebytes
    2009-12-11 07:07:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-11 04:43:59 0 d--h--w- C:\MyWinLockerData
    2009-12-11 04:35:08 0 d-----w- c:\program files\Trend Micro
    2009-12-10 22:28:25 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-10 22:28:25 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-10 22:15:05 0 d-----w- c:\program files\CCleaner
    2009-12-08 02:10:54 0 d-----w- c:\program files\common files\PX Storage Engine
    2009-12-08 02:09:46 0 d-----w- c:\program files\common files\DivX Shared
    2009-12-08 02:09:44 0 d-----w- c:\program files\DivX
    2009-12-04 19:14:34 0 d-----w- c:\users\chris\appdata\roaming\XBMC
    2009-12-04 19:12:58 0 d-----w- c:\program files\XBMC
    2009-12-04 18:28:42 0 d-----w- c:\program files\SBPaper
    2009-12-04 16:35:55 0 d-----w- c:\program files\VideoLAN
    2009-12-04 03:10:58 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 03:03:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-03 23:31:56 0 d-----w- c:\program files\common files\Stardock
    2009-12-03 23:31:37 0 d--h--w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
    2009-12-03 23:31:34 0 d-----w- c:\program files\Stardock
    2009-12-03 19:01:47 0 d-----w- c:\programdata\PlayFirst
    2009-12-03 18:24:50 0 d-----w- c:\program files\GamesBar
    2009-12-03 18:17:05 0 d-----w- c:\program files\uTorrent
    2009-12-03 18:16:25 0 d-----w- c:\users\chris\appdata\roaming\uTorrent
    2009-12-03 13:14:41 0 d-----w- c:\programdata\AWEM
    2009-12-03 13:14:09 0 d---a-w- c:\programdata\TEMP
    2009-12-03 13:13:56 0 d-----w- c:\users\chris\appdata\roaming\GameConsole
    2009-12-03 13:13:37 0 d-sh--w- c:\users\chris\appdata\roaming\.#
    2009-12-03 09:51:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-03 09:51:43 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-03 09:51:43 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-03 09:51:42 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-03 09:51:42 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-03 09:51:42 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-03 09:51:41 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-03 09:51:41 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-03 09:51:41 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-03 09:51:39 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-03 09:18:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-02 22:43:22 0 d-----w- c:\program files\Pod to PC
    2009-12-02 22:35:55 0 d-----w- c:\program files\iDump
    2009-12-02 22:26:35 0 d-----w- c:\program files\ShiningMorning
    2009-12-02 22:05:38 0 d-----w- c:\users\chris\appdata\roaming\LimeWire
    2009-12-02 21:50:07 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-02 21:48:13 0 d-----w- c:\program files\LimeWire
    2009-12-02 19:43:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
    2009-12-02 19:31:14 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-02 19:31:14 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-02 19:29:45 0 d-----w- c:\program files\iPod
    2009-12-02 19:29:43 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-02 19:29:43 0 d-----w- c:\program files\iTunes
    2009-12-02 19:28:15 0 d-----w- c:\program files\Bonjour
    2009-12-02 19:25:33 0 d-----w- c:\programdata\Apple Computer
    2009-12-02 19:22:12 0 d-----w- c:\programdata\Apple
    2009-12-02 19:21:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2009-12-02 19:00:57 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-02 18:58:53 0 d-----w- c:\program files\Microsoft
    2009-12-02 18:17:43 0 d-----w- c:\users\chris\Tracing
    2009-12-02 18:11:07 0 d-----w- c:\program files\OEM
    2009-12-02 18:10:58 0 d-----w- c:\program files\Acer Accessory Store
    2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll

    ==================== Find3M ====================

    2009-12-11 08:11:12 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2009-12-03 23:35:17 20804608 ----a-w- c:\windows\system32\imageres.dll
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-02-10 19:23:42 192484 ----a-w- c:\program files\common files\Acer GameZone online.ico
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 17:13:13.08 ===============
     
  5. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/12/2009 18:10:29
    System Uptime: 13/12/2009 14:29:28 (3 hours ago)

    Motherboard: Acer | |
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1600/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 137 GiB total, 107.158 GiB free.
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&34B4EBA9&0&000000#
    Manufacturer: JMCR
    Name: E:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&34B4EBA9&0&000000#
    Service: WUDFRd

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    AAC Decoder
    Acer Crystal Eye webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer GameZone Console
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1 MUI
    Alice Greenfingers
    Amazonia
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    µTorrent
    AutoUpdate
    Bonjour
    CCleaner
    Chicken Invaders 2
    Compatibility Pack for the 2007 Office system
    Cooking Dash
    Dairy Dash
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Media Foundation Components
    DivX Plus Web Player
    DivX Version Checker
    Dream Day First Home
    eBay Worldwide
    eSobi v2
    Farm Frenzy 2
    Google Chrome
    Google Toolbar for Internet Explorer
    Granny In Paradise
    H.264 Decoder
    Heroes of Hellas
    HijackThis 2.0.2
    Identity Card
    iDump (Freeware) Build:30
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 16
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Launch Manager
    LimeWire 5.3.6
    MagicCamera 6.4.0
    Malwarebytes' Anti-Malware
    Merriam Websters Spell Jam
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MKV Splitter
    MSVCRT
    MyWinLocker
    Norton Online Backup
    Pod to PC 3.085
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Scott's Wallpaper Switcher v 1.7
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Star Defender 4
    Stardock MyColors
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.3
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    XBMC Media Center
    Yahoo! Toolbar
    ZoneAlarm
    ZoneAlarm Toolbar

    ==== Event Viewer Messages From Past Week ========

    13/12/2009 03:56:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    13/12/2009 03:52:19, Error: Service Control Manager [7030] - The ZoneAlarm Toolbar IswSvc service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    13/12/2009 03:52:02, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    13/12/2009 03:02:38, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/12/2009 03:02:36, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/12/2009 03:02:28, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/12/2009 03:02:22, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/12/2009 02:59:22, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/12/2009 08:12:12, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

    ==== End Of File ===========================
     
  6. 2009/12/13
    PeteC

    PeteC SuperGeek Staff

    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  7. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    No worries, thanks for the help. I'll go check out the networking forum in the meantime :D.
     
  8. 2009/12/13
    Admin.

    Admin. Administrator Administrator Staff

    I see you have P2P software ( Limewire, BitTorrent, uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  9. 2009/12/13
    broni

    broni Moderator Malware Analyst

    What's your security programs situation?
    You said something about McAfee and Avira, but I don't see either one running.
    I can see ZA running. Is it firewall only?
     
  10. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    Hi, I did the logs in between removing McAfee and installing Avira. Probably why neither is showing up. ZoneAlarm is firewall only.

    I use uTorrent for downloading files from friends rather than downloading random torrents, so hopefully this isn't a problem, but I will uninstall LimeWire as I never actually use it.
     
  11. 2009/12/13
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  12. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    "ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

    DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

    Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

    We will also announce when ComboFix is available on our Twitter and Facebook pages."
     
  13. 2009/12/13
    broni

    broni Moderator Malware Analyst

    I'm sending you PM.
     
  14. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    Thank you for your help :). Just received it.
     
  15. 2009/12/13
    broni

    broni Moderator Malware Analyst

    Ok...
     
  16. 2009/12/13
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    I hope this is the right thing :|

    ComboFix 09-11-23.02 - Chris 13/12/2009 23:13.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1012.325 [GMT 0:00]
    Running from: c:\users\Chris\Desktop\3c786fgt5.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3676927460-2511132561-1287737250-500
    c:\$recycle.bin\S-1-5-21-3676927460-2511132561-1287737250-500\desktop.ini
    c:\$recycle.bin\S-1-5-21-4247092672-1810595622-301955734-500
    c:\$recycle.bin\S-1-5-21-4247092672-1810595622-301955734-500\desktop.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
    .

    2009-12-13 23:17 . 2009-12-13 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-13 23:04 . 2009-12-13 23:07 24576 d-----w- C:\32788R22FWJFW
    2009-12-13 23:01 . 2009-12-13 23:01 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
    2009-12-13 22:59 . 2009-12-13 22:59 -------- d-----w- C:\Load-CF
    2009-12-13 17:41 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-13 17:41 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-12-13 17:41 . 2009-12-13 17:41 -------- d-----w- c:\programdata\Avira
    2009-12-13 17:41 . 2009-12-13 17:41 -------- d-----w- c:\program files\Avira
    2009-12-13 04:06 . 2009-12-13 04:06 -------- d-----w- c:\users\Chris\AppData\Roaming\Yahoo!
    2009-12-13 04:06 . 2009-12-13 04:06 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-12-13 04:06 . 2009-12-13 04:06 -------- d-----w- c:\program files\Yahoo!
    2009-12-13 03:52 . 2009-12-13 03:52 -------- d-----w- c:\users\Chris\AppData\Roaming\CheckPoint
    2009-12-13 03:52 . 2009-12-13 03:52 -------- d-----w- c:\program files\CheckPoint
    2009-12-13 03:52 . 2009-11-22 15:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-12-13 03:52 . 2009-11-22 15:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-12-13 03:09 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-13 02:55 . 2009-12-13 02:55 117760 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-13 02:54 . 2009-12-13 02:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-13 02:51 . 2009-12-13 02:52 4096 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-13 02:51 . 2009-12-13 02:51 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-13 02:50 . 2009-12-13 02:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-12 18:29 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-12 18:29 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-11 07:08 . 2009-12-11 07:08 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
    2009-12-11 07:08 . 2009-12-11 07:08 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-11 07:07 . 2009-12-12 18:29 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-11 04:43 . 2009-12-11 04:43 -------- d-----w- C:\MyWinLockerData
    2009-12-11 04:35 . 2009-12-11 04:35 -------- d-----w- c:\program files\Trend Micro
    2009-12-10 22:28 . 2009-12-11 08:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-10 22:28 . 2009-12-11 08:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-10 22:15 . 2009-12-13 04:06 -------- d-----w- c:\program files\CCleaner
    2009-12-08 02:10 . 2009-12-08 02:10 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-08 02:09 . 2009-12-08 02:10 4096 d-----w- c:\program files\Common Files\DivX Shared
    2009-12-08 02:09 . 2009-12-08 02:11 -------- d-----w- c:\program files\DivX
    2009-12-04 19:14 . 2009-12-04 19:18 -------- d-----w- c:\users\Chris\AppData\Roaming\XBMC
    2009-12-04 19:12 . 2009-12-04 19:18 -------- d-----w- c:\program files\XBMC
    2009-12-04 18:28 . 2009-12-04 18:29 -------- d-----w- c:\program files\SBPaper
    2009-12-04 16:37 . 2009-12-11 08:10 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
    2009-12-04 16:35 . 2009-12-04 16:35 -------- d-----w- c:\program files\VideoLAN
    2009-12-04 03:10 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 03:05 . 2009-12-04 03:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-04 03:03 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-03 23:31 . 2009-12-11 08:10 -------- d-----w- c:\program files\Common Files\Stardock
    2009-12-03 23:31 . 2009-12-11 08:10 -------- d--h--w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
    2009-12-03 23:31 . 2009-10-22 17:32 3195360 -c--a-w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}\MyColors.exe
    2009-12-03 23:31 . 2009-12-03 23:32 -------- d-----w- c:\program files\Stardock
    2009-12-03 23:31 . 2009-12-03 23:31 -------- d-----w- c:\users\Chris\AppData\Local\PackageAware
    2009-12-03 23:24 . 2009-12-03 23:24 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
    2009-12-03 19:01 . 2009-12-03 19:01 -------- d-----w- c:\users\Chris\AppData\Roaming\PlayFirst
    2009-12-03 19:01 . 2009-12-03 19:01 -------- d-----w- c:\programdata\PlayFirst
    2009-12-03 18:24 . 2009-12-03 18:24 -------- d-----w- c:\program files\GamesBar
    2009-12-03 18:17 . 2009-12-03 18:17 -------- d-----w- c:\program files\uTorrent
    2009-12-03 18:16 . 2009-12-13 18:11 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
    2009-12-03 13:14 . 2009-12-03 13:14 -------- d-----w- c:\programdata\AWEM
    2009-12-03 13:13 . 2009-12-03 13:13 -------- d-----w- c:\users\Chris\AppData\Roaming\GameConsole
    2009-12-03 13:13 . 2009-12-03 18:24 -------- d-sh--w- c:\users\Chris\AppData\Roaming\.#
    2009-12-03 09:51 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-03 09:51 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-03 09:51 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-03 09:51 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-03 09:51 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-03 09:51 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-03 09:51 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-03 09:51 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-03 09:51 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-03 09:51 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-03 08:19 . 2009-12-03 08:19 -------- d-----w- c:\users\Chris\AppData\Local\myPod_Apps
    2009-12-02 22:43 . 2009-12-02 22:43 4096 d-----w- c:\program files\Pod to PC
    2009-12-02 22:35 . 2009-12-02 22:35 -------- d-----w- c:\program files\iDump
    2009-12-02 22:27 . 2009-12-11 08:10 -------- d-----w- c:\users\Chris\AppData\Local\MagicCamera
    2009-12-02 22:26 . 2009-12-02 22:26 -------- d-----w- c:\program files\ShiningMorning
    2009-12-02 22:05 . 2009-12-12 19:13 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
    2009-12-02 21:50 . 2009-12-02 21:49 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-02 21:49 . 2009-12-02 21:49 -------- d-----w- c:\program files\Java
    2009-12-02 21:48 . 2009-12-02 22:05 4096 d-----w- c:\program files\LimeWire
    2009-12-02 19:42 . 2009-12-02 19:42 -------- d-----w- c:\users\Chris\AppData\Local\Diagnostics
    2009-12-02 19:31 . 2009-12-04 13:15 -------- d-----w- c:\users\Chris\AppData\Local\Apple Computer
    2009-12-02 19:31 . 2009-12-03 09:37 4096 d-----w- c:\users\Chris\AppData\Roaming\Apple Computer
    2009-12-02 19:31 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-02 19:31 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-02 19:31 . 2009-12-02 19:31 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-12-02 19:29 . 2009-12-02 19:29 -------- d-----w- c:\program files\iPod
    2009-12-02 19:29 . 2009-12-02 19:31 4096 d-----w- c:\program files\iTunes
    2009-12-02 19:29 . 2009-12-02 19:31 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-02 19:28 . 2009-12-02 19:28 -------- d-----w- c:\program files\Bonjour
    2009-12-02 19:25 . 2009-12-02 19:27 4096 d-----w- c:\program files\QuickTime
    2009-12-02 19:25 . 2009-12-02 19:29 -------- d-----w- c:\programdata\Apple Computer
    2009-12-02 19:24 . 2009-12-02 19:24 -------- d-----w- c:\users\Chris\AppData\Local\Apple
    2009-12-02 19:24 . 2009-12-02 19:24 4096 d-----w- c:\program files\Apple Software Update
    2009-12-02 19:22 . 2009-12-02 19:32 -------- d-----w- c:\programdata\Apple
    2009-12-02 19:22 . 2009-12-02 19:29 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-02 19:03 . 2009-12-02 19:03 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-12-02 19:00 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-02 18:58 . 2009-12-02 19:04 -------- d-----w- c:\program files\Microsoft
    2009-12-02 18:40 . 2009-12-02 18:41 -------- d-----w- c:\users\Chris\AppData\Local\Deployment
    2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\users\Chris\AppData\Local\Apps
    2009-12-02 18:27 . 2009-12-02 18:27 1230960 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
    2009-12-02 18:19 . 2009-12-02 18:19 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD1B2.tmp.exe
    2009-12-02 18:18 . 2009-12-02 18:42 4096 d-----w- c:\users\Chris\AppData\Local\Google
    2009-12-02 18:17 . 2009-12-13 03:56 -------- d-----w- c:\users\Chris\Tracing
    2009-12-02 18:13 . 2009-12-02 18:13 -------- d-----w- c:\users\Chris\AppData\Local\EgisTec
    2009-12-02 18:11 . 2009-12-02 18:11 79136 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-02 18:11 . 2009-12-02 18:11 -------- d-----w- c:\program files\OEM
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-13 04:35 . 2009-08-21 02:05 4096 d-----w- c:\program files\Common Files\Adobe
    2009-12-13 03:53 . 2009-12-13 03:51 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2009-12-13 03:51 . 2009-12-13 03:51 -------- d-----w- c:\program files\Zone Labs
    2009-12-13 03:51 . 2009-12-13 03:51 -------- d-----w- c:\programdata\CheckPoint
    2009-12-13 03:46 . 2009-08-21 01:58 4096 d-----w- c:\programdata\McAfee
    2009-12-13 03:04 . 2009-08-21 01:43 8192 d-----w- c:\programdata\Microsoft Help
    2009-12-12 19:08 . 2009-08-21 01:57 -------- d-----w- c:\programdata\Partner
    2009-12-11 08:11 . 2009-08-21 01:13 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2009-12-11 08:10 . 2009-08-21 01:34 4096 d-----w- c:\program files\Acer GameZone
    2009-12-04 03:28 . 2009-08-21 01:52 4096 d-----w- c:\program files\Microsoft Silverlight
    2009-12-03 23:35 . 2009-07-13 23:42 20804608 ----a-w- c:\windows\system32\imageres.dll
    2009-12-03 09:18 . 2009-12-03 09:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-02 19:43 . 2009-12-02 19:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
    2009-12-02 19:21 . 2009-12-02 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2009-12-02 19:03 . 2009-08-30 06:49 4096 d-----w- c:\program files\Windows Live
    2009-12-02 18:10 . 2009-12-02 18:10 -------- d-----w- c:\program files\Acer Accessory Store
    2009-11-22 15:44 . 2009-12-13 03:51 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2009-11-22 15:42 . 2009-12-13 03:51 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-02-10 19:23 . 2009-08-21 01:34 192484 ----a-w- c:\program files\Common Files\Acer GameZone online.ico
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]
    "Google Update"="c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-02 135664]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-03 289584]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" [X]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-21 809480]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-21 708608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [02/06/2009 11:15 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [02/06/2009 11:15 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [02/06/2009 11:15 60976]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [13/07/2009 23:52 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/12/2009 17:41 108289]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [21/08/2009 01:55 727584]
    R2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [04/06/2009 13:04 1150496]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 13:30 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 13:30 476528]
    R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [06/08/2009 17:18 311592]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [21/08/2009 02:09 253952]
    R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [21/08/2009 01:54 240160]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21/08/2009 02:03 119256]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E62x86.sys [21/08/2009 02:03 47616]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28/08/2009 19:42 17408]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RtsUStor.sys [21/08/2009 01:18 167424]
    S4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [21/08/2009 01:57 332272]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \shell\AutoRun\command - D:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6ea32e0-dfea-11de-ad46-00269e21da2a}]
    \shell\AutoRun\command - D:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247092672-1810595622-301955734-1000Core.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 18:41]

    2009-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247092672-1810595622-301955734-1000UA.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 18:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-LManager - c:\windows\UNINST32.EXE LManager.UNI
    AddRemove-Stardock MyColors - c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}\MyColors.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\program files\JMicron\JMCR_DIR\setup.exe delpkg


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(564)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2009-12-13 23:37
    ComboFix-quarantined-files.txt 2009-12-13 23:36

    Pre-Run: 113,734,131,712 bytes free
    Post-Run: 113,649,565,696 bytes free

    - - End Of File - - 50067B9CA73C70176AAD592D65FD2006
     
  17. 2009/12/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see anything interesting there.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Restart computer.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv.
    • Close Dr.Web CureIt.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.
     
  18. 2009/12/16
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    Joined:
    2009/12/13
    Messages:
    16
    Likes Received:
    0
    Just an update: I've had a blue screen when doing the complete scan a couple of times, and a few times it has completed the first scan, then I've needed to take the computer away to do some work, so I have had to close it.

    I plan to run it over night tonight.

    Thanks, Chris
     
  19. 2009/12/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  20. 2009/12/18
    Bmwm3evo

    Bmwm3evo Inactive Thread Starter

    Joined:
    2009/12/13
    Messages:
    16
    Likes Received:
    0
    Sorry for the wait, I hope this is the right thing I saved:

    Process in memory: C:\Windows\system32\svchost.exe:736;;BackDoor.Tdss.565;Eradicated.;
    iaStor.sys;C:\Windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
    iastor.sys;c:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
    iastor.sys;c:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
    iaStor.sys;C:\Windows\System32\drivers;BackDoor.Tdss.1365;Cured.;


    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:57:34, on 18/12/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Acer\Acer VCM\Vc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

    --
    End of file - 9386 bytes
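    The Dr.Web lines in this post are in CureIt's semicolon-separated report layout (name;directory;threat;action;), with in-memory hits carrying the image path and PID in the first field. As an added example that is not part of this thread or of Dr.Web's own tooling, here is a small Python triage script that parses such lines, folds the case-only duplicates (iaStor.sys vs iastor.sys, reported once per scan pass) and pulls out what a responder checks first: the in-memory hit, and the fact that a storage driver under system32\drivers was "Cured", i.e. patched in place. The sample input is the five lines from this post; the field layout is an assumption read off those lines, not taken from Dr.Web documentation.

```python
"""Triage helper for Dr.Web CureIt report lines (DrWeb.csv layout, assumed from the post)."""
import ntpath
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the five lines from the post above, unchanged.
SAMPLE_REPORT = r"""
Process in memory: C:\Windows\system32\svchost.exe:736;;BackDoor.Tdss.565;Eradicated.;
iaStor.sys;C:\Windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
iastor.sys;c:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
iastor.sys;c:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
iaStor.sys;C:\Windows\System32\drivers;BackDoor.Tdss.1365;Cured.;
"""

MEMORY_PREFIX = "Process in memory: "
DRIVER_DIR = r"c:\windows\system32\drivers"


@dataclass(frozen=True)
class Finding:
    location: str   # lower-cased full path, or "process:<image path>:<pid>"
    threat: str
    action: str     # "Cured", "Eradicated", "Moved", ... without the trailing dot
    in_memory: bool


def parse_line(line):
    """Parse one 'name;directory;threat;action;' line; None for blank or short lines."""
    fields = [f.strip() for f in line.strip().split(";")]
    if len(fields) < 4 or not fields[0]:
        return None
    name, directory, threat, action = fields[:4]
    action = action.rstrip(".")
    if name.startswith(MEMORY_PREFIX):
        # Memory hits put the image path and PID in the first field and leave the directory empty.
        target = name[len(MEMORY_PREFIX):].lower()
        return Finding("process:" + target, threat, action, True)
    # ntpath joins with backslashes on any host OS; lower-casing folds the
    # case-only variants that CureIt reports across repeated passes.
    full_path = ntpath.join(directory, name).lower()
    return Finding(full_path, threat, action, False)


def parse_report(text):
    return [f for f in (parse_line(line) for line in text.splitlines()) if f is not None]


def summarize(findings):
    """Collapse repeated hits and pull out what a responder checks first."""
    unique = sorted(set(findings), key=lambda f: f.location)
    return {
        "unique": len(unique),
        "threats": dict(Counter(f.threat for f in findings)),
        "in_memory": [f.location for f in unique if f.in_memory],
        # A "Cured" driver under system32\drivers was patched in place. TDSS-family
        # rootkits load by infecting a storage driver, so after the reboot verify this
        # file's vendor signature or replace it from the OEM driver package.
        "system_drivers": [
            f.location for f in unique
            if not f.in_memory and f.location.startswith(DRIVER_DIR + "\\")
        ],
        "cured_on_disk": [f.location for f in unique if not f.in_memory and f.action == "Cured"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

    Run as-is it prints the summary for the sample; point parse_report at the contents of a saved DrWeb.csv to triage a real report. The "system_drivers" entry is the one to follow up on after the reboot the moderator asks for, since a cured file is a modified file, not a deleted one.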
     
  21. 2009/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection issue?
     
