Cyber Tech Help Support Forums > Software > Malware Removal
  #1  
Old October 26th, 2010, 11:03 PM
TexasSportsFan TexasSportsFan is offline
Member
 
Join Date: Jun 2010
O/S: Windows Vista 32-bit
Location: Fort Worth, Texas USA "Where the West Begins"
Posts: 63
Virus? Pc Is Running a bit slow I think

Hello all =)

I trust all have been well. I seem to have a bit of a quandary. I thought I had a virus based on the inability to run MalwareBytes. I'm running Superantispyware, Spyware Terminator and IOBIT Security 360 which has found 5 infections.

I will attach logs as soon as the scans finish, but upon trying to run MalwareBytes I get an error of "An error has Occured"

MBAM_ERROR_EXPANDING VARIBLES (0,9)

Any Ideas?

(The logs will be in my next post)
Matt
  #2
Old October 26th, 2010, 11:13 PM
TexasSportsFan
The IOBIT Scan has come back with 4 BHO Crawler Toolbars and a tracking cookie. All were removed. I'll post the SuperAntispyware log and the Spyware Terminator log when it is complete.

By the way, I'm running Avast 5 Free. (MSE was dragging on my system before) Matt
  #3
Old October 26th, 2010, 11:44 PM
TexasSportsFan

No threats from the Superantispyware or Spyware Terminator scans.
  #4
Old October 28th, 2010, 04:22 AM
touch
Malware Removal Team
 
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Hello


Let's see what it's all about.

Download CCleaner: Here
Click on -> “Download Latest Version”

Once installed, run CCleaner and click the Windows tab
Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Then click Run Cleaner (bottom right) then Exit


We need to get a comprehensive report of what is present in your system.
Please download DDS: Here

If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click.
Then save it on the desktop. Save as dds.scr
Save as Type : All files


to your Desktop and doubleclick on DDs.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.


When the scan has finished, two logs will open.
Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
  #5
Old October 28th, 2010, 03:18 PM
TexasSportsFan

I have tried to download DDS and a whole bunch of text & characters have appeared but not the download. Could I try to get this download in safe mode??
  #6
Old October 28th, 2010, 03:18 PM
TexasSportsFan

"this program cannot be run in DOS mode".
  #7
Old October 28th, 2010, 03:54 PM
touch
Ok. Are you using Firefox ?

"If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click.
Then save it on the desktop. Save as dds.scr
Save as Type : All files"
  #8
Old October 28th, 2010, 03:55 PM
TexasSportsFan
I am indeed and will try this.
  #9
Old October 28th, 2010, 04:06 PM
TexasSportsFan
Virus? Pc Is Running a bit slow I think Part 1

DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
Run by office at 10:04:43.73 on Thu 10/28/2010
Internet Explorer: 9.0.7930.16406
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1513 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\office\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\office\appdata\roaming\mozilla\firefox\profiles\bvw85qi3.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox 4.0 beta 6\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-28 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-28 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-28 50768]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-28 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-28 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-15 21504]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2010-9-15 21504]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-28 14:00:43 -------- d-----w- c:\program files\CCleaner
2010-10-28 13:54:52 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-28 13:54:47 38848 ----a-w- c:\windows\avastSS.scr
2010-10-27 18:08:23 -------- d-----w- c:\program files\Yahoo!
2010-10-27 12:57:55 -------- d-----w- c:\users\office\appdata\roaming\Panda Security
2010-10-27 12:56:32 -------- d-----w- c:\program files\Panda Security
2010-10-27 12:31:06 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e388abfd-7f14-4877-a611-a4b979b78bf3}\mpengine.dll
2010-10-27 01:22:16 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6
2010-10-26 21:26:56 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-26 21:24:10 -------- d-----w- c:\progra~2\IObit
2010-10-26 19:44:39 -------- d-----w- c:\users\office\appdata\local\Apple
2010-10-26 18:01:47 -------- d-----w- c:\program files\VS Revo Group
2010-10-26 16:46:59 -------- d-----w- c:\users\office\appdata\local\Yahoo
2010-10-26 16:20:22 -------- d-----w- c:\users\office\appdata\roaming\Auslogics
2010-10-24 18:28:34 -------- d-----w- c:\program files\MSECache
2010-10-24 00:46:20 -------- d-----w- c:\progra~2\Alwil Software
2010-10-22 22:56:45 -------- d-----w- c:\users\office\appdata\local\CrashDumps
2010-10-22 22:49:38 -------- d-----w- c:\program files\common files\Filseclab
2010-10-22 00:28:29 -------- d-----w- c:\users\office\appdata\local\Microsoft Help
2010-10-20 15:50:51 -------- d-----w- c:\progra~2\HF_PCA_1.01.01.0003
2010-10-13 12:39:26 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 12:39:25 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 12:39:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 12:39:05 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 12:39:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 12:39:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 12:39:04 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 12:38:51 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 12:38:49 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 12:38:49 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 12:38:46 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 12:38:43 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 12:38:43 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 12:38:41 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 12:38:38 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 12:38:37 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 12:38:33 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-08 21:00:23 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-10-06 01:22:39 -------- d-----w- c:\users\office\appdata\roaming\.purple
2010-10-06 01:22:07 -------- d-----w- c:\program files\Pidgin
2010-10-02 20:28:51 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025
2010-10-02 20:28:51 -------- d-----w- c:\windows\system32\drivers\NAV
2010-10-01 23:40:01 -------- d-----w- c:\progra~2\TuneUp Software
2010-10-01 23:39:54 -------- d-sh--w- c:\progra~2\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-30 21:53:16 -------- d-----w- c:\users\office\appdata\local\Thunderbird
2010-09-30 19:27:59 -------- d-----w- c:\progra~2\Norton
2010-09-30 19:27:47 -------- d-----w- c:\progra~2\NortonInstaller
2010-09-30 16:36:04 -------- d-----w- c:\windows\system32\RTCOM
2010-09-30 01:16:03 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-09-28 20:31:05 -------- d-----w- c:\progra~2\Returnil
2010-09-28 18:49:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 17:28:18 -------- d--h--w- c:\progra~2\Common Files
  #10
Old October 28th, 2010, 04:07 PM
TexasSportsFan
Virus? Pc Is Running a bit slow I think DDS Part 2

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 16:35:57 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-30 16:35:55 315392 ----a-w- c:\windows\HideWin.exe
2010-09-15 18:29:06 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-09-15 18:28:42 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-09-15 14:57:38 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-09-15 14:57:36 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-15 13:13:39 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-09-15 08:00:37 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-15 05:20:08 98816 ----a-w- c:\windows\system32\mfps.dll
2010-09-15 05:20:08 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-09-15 05:20:08 2868224 ----a-w- c:\windows\system32\mf.dll
2010-09-15 05:20:08 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-09-15 05:20:08 2048 ----a-w- c:\windows\system32\mferror.dll
2010-09-15 05:16:43 37888 ----a-w- c:\windows\system32\printcom.dll
2010-09-15 05:16:33 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-09-15 05:16:17 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-09-15 05:16:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-09-15 05:16:17 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-09-15 05:15:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-09-15 05:15:45 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-09-15 05:15:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-09-15 05:15:44 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-09-15 05:15:44 471552 ----a-w- c:\windows\system32\secproc.dll
2010-09-15 05:15:44 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-15 05:15:44 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-09-15 05:15:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-09-15 05:15:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-09-15 04:26:34 23552 ----a-w- c:\windows\system32\lpk.dll
2010-09-15 04:26:33 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-09-15 04:26:33 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-09-15 04:22:21 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-09-15 04:22:20 272896 ----a-w- c:\windows\system32\polstore.dll
2010-09-15 04:17:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-15 04:17:02 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-15 04:17:02 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-15 04:17:02 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-15 04:17:02 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-15 04:17:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-15 04:17:02 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-15 04:17:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-15 03:43:51 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-09-15 03:43:51 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-09-15 03:43:51 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-09-15 03:43:51 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-09-15 03:43:50 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-09-15 03:43:50 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-09-15 03:43:48 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-09-15 03:42:51 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-09-15 03:42:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-09-15 03:42:49 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-09-15 03:41:55 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-15 03:35:10 71680 ----a-w- c:\windows\system32\atl.dll
2010-09-15 03:29:28 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-09-15 03:28:37 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-09-15 03:28:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-09-15 03:28:37 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-09-15 03:25:23 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-09-15 03:20:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-09-15 03:17:02 623616 ----a-w- c:\windows\system32\localspl.dll
2010-09-15 03:12:05 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-15 03:11:15 9728 ----a-w- c:\windows\system32\lsass.exe
2010-09-15 03:11:15 72704 ----a-w- c:\windows\system32\secur32.dll
2010-09-15 03:11:15 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-09-15 03:11:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-09-15 03:11:15 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-15 03:08:59 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-09-15 03:06:11 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-09-15 03:04:07 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-09-15 03:04:07 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-09-15 03:02:58 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-09-15 02:32:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-09-15 02:31:23 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-09-15 02:31:07 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-09-15 02:30:26 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-09-15 02:29:52 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-09-15 02:29:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-15 02:28:26 243712 ----a-w- c:\windows\system32\rastls.dll
2010-09-15 02:28:14 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-09-15 02:26:58 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-09-15 02:26:57 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-09-15 02:26:57 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-09-15 02:26:57 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-09-15 02:26:57 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-09-15 02:26:57 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-09-15 02:26:56 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-09-15 02:26:56 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-09-15 02:26:56 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-09-15 02:26:56 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-09-15 02:26:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-09-15 02:25:52 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-15 02:25:51 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-15 02:25:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-09-15 02:25:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-15 01:22:07 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-15 01:21:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-15 01:21:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-15 01:21:29 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-01 05:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 05:44:32 367104 ----a-w- c:\windows\system32\html.iec

============= FINISH: 10:05:13.93 ===============
  #11
Old October 28th, 2010, 04:08 PM
TexasSportsFan
Virus? Pc Is Running a bit slow I think Attach LOG:

DDS (Ver_10-10-21.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/14/2010 7:49:15 PM
System Uptime: 10/28/2010 9:53:05 AM (1 hours ago)

Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU 1 | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 449.176 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
avast! Free Antivirus
CCleaner
DJ_AIO_06_F2400_SW_Min
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HSF2014 56K Data Fax Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Pidgin
Realtek High Definition Audio Driver
Revo Uninstaller 1.90
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

10/28/2010 9:55:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi spldr Wanarpv6
10/28/2010 9:55:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 9:53:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/28/2010 9:53:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/28/2010 9:53:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/28/2010 9:53:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/28/2010 9:53:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/28/2010 9:53:22 AM, Error: volmgr [46] - Crash dump initialization failed!
10/27/2010 7:56:40 AM, Error: Service Control Manager [7030] - The Panda Cloud Antivirus Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/26/2010 6:21:11 PM, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
10/26/2010 4:37:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi SASDIFSV SASKUTIL spldr sp_rsdrv2 Wanarpv6
10/26/2010 1:54:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

==== End Of File ===========================
  #12
Old October 29th, 2010, 05:07 AM
touch
Download CCleaner: Here
Click on -> “Download Latest Version”

Once installed, run CCleaner and click the Windows tab
Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Then click Run Cleaner (bottom right) then Exit


Please download Malwarebytes' Anti-Malware: Here
to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Click: Here
to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Post the HijackThis log along with the Malwarebytes' Anti-Malware log, and tell me how things are running.
  #13
Old October 29th, 2010, 02:28 PM
TexasSportsFan
I can't seem to run mbam (even though it downloads ok). The errors are still present. I cannot actually run a scan with it because the above errors prevent the running of MBAM, even in safe mode.

Once the program has loaded, select Perform full scan, then click Scan, I cannot seem to do based on MBAM_ERROR_EXPANDING VARIBLES (0,9) and other errors. Will post the HJT log in my next report.
  #14
Old October 29th, 2010, 02:30 PM
TexasSportsFan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:43 AM, on 10/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 3320 bytes
  #15
Old October 29th, 2010, 02:52 PM
TexasSportsFan

I am out of town until Tuesday, I'll pick this back up when I return, and sorry for the inconvenience.