I thought I had gotten rid of a fake antivirus program that had somehow got on my computer through pop-ups, but it seems there is still some sort of virus on it. If anyone can help me get rid of this, I would greatly appreciate it!

I'm running Windows Vista, and I had Windows Live OneCare as my antivirus program but that expired. Then I switched over to Microsoft Security Essentials but that didn't seem to protect from much. So far, I've tried running SpyBot, Malwarebytes, SuperAntiSpyware, and the Avast free edition. They all say no viruses or malware have been found.

The fake antivirus, I think it was called Hardware Disk Defragmenter or something of the like, seems to be gone, but now I have other problems. Whenever I click a link, the browser will redirect to random websites, and sometimes even take me to Google. I had to switch my homepage to Bing on IE because Google seemed to take forever just to type in the search bar. I also get a random warning that I will be redirected to another site when no browsers are even open.

As per this thread, Read me before posting a request for assistance, I've downloaded and run all the programs.

Malwarebytes' Anti-malware Log:

Malwarebytes' Anti-Malware 1.50

Database version: 5322

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/15/2010 3:08:16 PM
mbam-log-2010-12-15 (15-08-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257946
Time elapsed: 1 hour(s), 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER One.Log:

GMER - http://www.gmer.net
Rootkit quick scan 2010-12-15 15:52:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-22VWA0 rev.12.01B02
Running: db14nq0j.exe; Driver: C:\Users\Albert\AppData\Local\Temp\pxloypow.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90386BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x903869D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x90386B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:252] 85B6758D
Thread System [4:256] 85B68876

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-05.01) - NTFSx86
Run by Albert at 15:53:46.10 on Wed 12/15/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1618 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\albert\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\albert\appdata\roaming\mozilla\firefox\profiles\r7vjd1be.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 23012
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\users\albert\appdata\local\google\update\\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\albert\appdata\roaming\mozilla\firefox\profiles\r7vjd1be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-7 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-7 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-7 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-7 40384]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-5 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-7 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2007-12-5 98984]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\nbhregincdsrv.exe --> c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-15 03:32:46 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-15 03:32:45 389632 ----a-w- c:\windows\system32\html.iec
2010-12-15 03:32:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-15 03:32:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 03:31:51 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-07 20:26:29 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 20:25:33 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 01:53:45 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-06 17:34:25 -------- d-----w- c:\users\albert\appdata\roaming\SUPERAntiSpyware.com
2010-12-06 05:47:50 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-06 05:45:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-05 20:25:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-05 20:25:28 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-22 23:14:36 557208 ----a-w- c:\progra~2\SPL673A.tmp

==================== Find3M ====================

2010-11-15 00:59:08 2529482 ----a-w- c:\progra~2\SPL9F4A.tmp
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:00:55.14 ===============



DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/1/2008 4:43:13 PM
System Uptime: 12/15/2010 1:52:12 PM (3 hours ago)

Motherboard: Acer | | F690GVM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket AM2 | 1000/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 89.944 GiB free.
D: is FIXED (NTFS) - 144 GiB total, 143.943 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #3
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Service: i8042prt

==== System Restore Points ===================

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer Registration
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
att.net Internet Mail
avast! Free Antivirus
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ClassicPro© v1.13
eSobi v2
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InCD Reader
Java(TM) 6 Update 16
Lexmark 2600 Series
Lexmark Fax Solutions
Lexmark Tools for Office
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Media Maker 8
OGA Notifier 2.0.0048.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
The Sims 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (08/19/2007
YUAN PE585QA Driver

==== End Of File ===========================

I've tried running GMER a couple of times, but right into the second scan it says the program has stopped responding and can't continue.

Once again, I would greatly appreciate it if anyone can help me get rid of this pesky nuisance! Thanks a bunch in advance.


Hi and welcome to the Daniweb forums :).


Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!


Combofix Log:

ComboFix 10-12-15.06 - Albert 12/15/2010 23:28:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1631 [GMT -6:00]
Running from: c:\users\Albert\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))

2010-12-16 05:58 . 2010-12-16 06:00 -------- d-----w- c:\users\Albert\AppData\Local\temp
2010-12-16 05:58 . 2010-12-16 05:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 03:32 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-15 03:32 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
2010-12-15 03:32 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-15 03:32 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 03:31 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-07 20:26 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-07 20:26 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-07 20:26 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-07 20:26 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-07 20:26 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 20:25 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 20:25 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-07 01:53 . 2010-12-08 01:10 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-06 17:34 . 2010-12-06 17:34 -------- d-----w- c:\users\Albert\AppData\Roaming\SUPERAntiSpyware.com
2010-12-06 05:47 . 2010-12-06 05:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-06 05:45 . 2010-12-06 05:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-06 04:16 . 2010-12-06 04:16 -------- d-----w- c:\windows\Sun
2010-12-05 22:31 . 2010-12-05 22:32 -------- d-----w- c:\users\Administrator
2010-12-05 20:25 . 2010-12-05 22:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-05 20:25 . 2010-12-05 22:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-22 23:14 . 2010-11-22 23:14 557208 ----a-w- c:\programdata\SPL673A.tmp

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-11-29 23:42 . 2010-11-15 00:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2010-11-15 00:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 00:59 . 2010-11-15 00:59 2529482 ----a-w- c:\programdata\SPL9F4A.tmp
2010-10-19 16:41 . 2010-06-03 06:34 222080 ------w- c:\windows\system32\MpSigStub.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-06 136176]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-12-17 09:55 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2007-12-17 09:55 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2007-12-17 09:55 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-11-29 23:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2007-12-05 98984]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-12-05 594600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

--- Other Services/Drivers In Memory ---

*Deregistered* - pxloypow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192053444-4147783381-2996471452-1000Core.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-06 06:58]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192053444-4147783381-2996471452-1000UA.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-06 06:58]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{C3D9CFE3-29F4-4637-BAAB-FDECDBA11C11}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\r7vjd1be.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 23012
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)
HKLM-Run-eRecoveryService - (no file)


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 00:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

@Denied: (A 2) (Everyone)




@Denied: (A 2) (Everyone)



@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1412)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
Completion time: 2010-12-16 00:18:08
ComboFix-quarantined-files.txt 2010-12-16 06:17

Pre-Run: 96,220,422,144 bytes free
Post-Run: 96,222,687,232 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 86A97BA2A00E783A6354757F2EE03E08

Looks ok. How is the PC now?

So far I haven't been redirected and Google seems to be working in IE without delay. Thanks for your help and time, I really appreciate it!

No worries.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

May I intrude to ask why you can only use combofix once?

Oh and by the way thank you sooo much. I don't know why Malwarebytes wasn't working but this definitely did the job :)

kalibone, this is not your thread. There are many specific rules for running combofix and running it once is only one of them. If you have problems you should create your own thread. We have no idea what you are talking about concerning Malwarebytes' but if you have used combofix on your own you have violated the number one rule concerning its use:

1. NEVER USE IT UNLESS YOU HAVE BEEN TOLD TO USE IT BY A HELPER AND NEVER USE IT ON YOUR OWN. Running this program without supervision can cause your computer to not operate correctly.

2. Combofix is only for very specific infections, not for all infections.

3. Once the program is run and a log posted then that log is analyzed by the helper who requested the running. Each and every line of the log is read. There may be another fix required using a Script created for that specific copy of combofix, then it would be used that one time for that one computer. After that then combofix absolutely must be uninstalled in a very specific way and that copy must never be used again.

4. Combofix is constantly being reviewed and updated. Even its download page only has that particular copy available for 10 minutes; if 10 minutes pass before a person downloads then the page must be refreshed because the download would not work. There are two websites where the legal copy of combofix can be downloaded, bleepingcomputer or forospyware, and any other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix.
These outdated copies can contain bugs that may render some machines unbootable.

It absolutely, positively is NOT a tool a person should download and keep for future use. It could be outdated within a few hours of download.

It is a very powerful tool and could render a computer totally unbootable or damage key system files if used without supervision or used for the wrong type of infection.

I guess I need to use this same thread for my problem. Sorry about any confusion!

I think I still need some help or any advice. It seems that whether I have a browser open, a game or even a movie, it will click off the main program and I have to reclick onto it. If it's a game open, it will minimize itself to the taskbar every few minutes. When I play a movie on full screen, after a few minutes it will minimize itself. I'm not sure if there's spyware/malware or if some sort of application that is taking priority but it is getting very aggravating.

Any ideas or suggestions? I'd greatly appreciate it and thanks in advance.

Sorry this took so long. What browser are you using when this happens? When you say a game, is this an online game or a game installed on the computer?

It happens whether I'm using Firefox or IE. As for the game, it's the Sims, so installed.

Honestly this doesn't sound like infection, almost sounds to me like power or memory issue. When this happens how many browser windows do you have open? When playing the game do you have a lot of other items open and running also?

When I have browsers open, maybe two or up to three, if even one... When playing the game, the only other thing I pretty much have running is the antivirus program. So, I've tried turning that off to see if it wouldn't happen and it still did. This only started happening shortly after the virus I previously had was removed. If it's power or memory, what do you suggest?

Don't know that this would cause any of this but it would bring it up to date.
Go here and download and install the latest version:


Let me get crunchie to take a look here again and he may have suggestions. I would suggest that you update your Java program as it is way out of date.

Vista is a real pain to get right once it has had a bad infection. Do you have the Vista CD at all?
We can try the system file checker or a system repair if you have it.
Are you getting any pop up messages when you lose focus?

Unfortunately, I don't have the Vista CD nor do I get any pop up messages when it happens. I'll update my Java program and see what happens. I appreciate the help guys. Thanks a bunch.

I cannot believe I'm asking again, but here goes.

After I updated Java, everything seemed to be working okay again. However, just recently, my computer started freaking out and would just reboot itself after displaying a blue screen that said something about a "bad prop header". I couldn't catch the rest, because it would be up briefly and the computer would restart. Eventually, I got it to stay on long enough to run a registry cleaner and it seems to be staying on now.

However, I have noticed that a random website pop up has started to appear even when I have no browsers open. I try to click it closed as soon as I see it, but I don't know if I'm preventing anything from happening by doing that. I'm also getting re-directed once again to random sites whenever I'm doing searches on a browser. Google is running fairly slow again too. Do you think this could be the same virus again? Also, I'm sure this sounds pretty naive, but is it possible for viruses to cause damage to the registry to do what it did to mine?

Please help! Any advice on how to get rid of these viruses permanently? I'm grateful for any suggestions or help. :-)

I don't believe you read that blue screen message correctly, at least I could find nothing with an error message like that.

I honestly think you are going to need to reformat the computer. Don't know how you are going to do this of course without an operating system disk but this is the only answer I know at this point.
"I got it to stay on long enough to run a registry cleaner"
If this is something that you have done on a regular basis prior to this infection then this very well could be the real cause of all your problems.
There is no reason in the world to ever use a registry cleaner. A person I trust and have learned a lot from wrote this concerning using an automated registry cleaner and I have always followed his advice to the letter;
Using an automated cleaner to try to fix a problem is akin to using a shotgun to remove an appendix. The best way to deal with (possibly) registry-related issues is to thoroughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup).
If an infection creates registry entries then good tools like MBA-M and several others WILL remove these infected registry entries and there is no reason to use some automated tool to "clean or boost" the registry. They are just not needed.

Actually it was the first time I've used a registry cleaner. It was just something that I came across from researching it on the web. I'm pretty sure it said "bad_prop_header" though. I tried multiple times to get my computer running, and there was basically a whole paragraph, but that's all I caught every time.

Supposedly the term "bad prop header" is relevant to when there are problems with hardware or software being incorrectly installed or, I believe, corrupted files. I'm not sure though. However, I did neither, so I'm assuming it was the virus.

I've run MBA-M and Spybot, but both turn up with "0" infected files. I'll try running them again, just in case. Should I post the log?

By the way, thanks for your help and quick responses, jholland. I appreciate it a lot.

Terribly sorry, major typo there. It was actually "bad pool header".

This error is usually caused by a bad hardware driver. You should check for updated drivers for all of your hardware, audio, video, printers, scanners, etc.

Okay, will do. In the meantime, do you think I could pick your brain on how to remove the redirecting virus? I'd appreciate it.

Your scans were clean, you told Crunchie you were not getting redirects anymore. This showed the virus is gone. Why do you think you have a new virus?

Yes, it was gone. However, like I said previously, I started getting another pop up recently and now I've been getting redirected again. I think I'm going to have it looked at by someone. I appreciate your help, jholland! Thanks a bunch.

Sorry we couldn't help you anymore. Good luck.

Simple things first regarding the bad pool error. You might check your hard drive for errors [some software might be introducing an error because of minor corruption].... In the Start, Run window enter...
chkdsk /r
After that, stop and then uninstall your AV service [Avast], then reinstall it.
