Hi,

IE8 won't open and search results are being hijacked when using Chrome, Firefox etc. I also had defragmenter with S&D seems to have disabled.

I have used CCleaner to 'fix' registry issues. I was using AVG free but I removed it and I'm now using Microsoft Essentials.

I have downloaded and run ERUNT.

Thanks in advance for any help you can provide.

I have attached the 'attach'file and here is the DDS log:-



DDS (Ver_10-12-12.02) - NTFSx86
Run by *** **** at 14:15:09.48 on 31/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.437 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\WINDOWS\snuvcdsm.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Documents and Settings\T** W***\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aod260&r=0xph0910r935l0404wu65w4602t397
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aod260&r=0xph0910r935l0404wu65w4602t397
mStart Page = hxxp://home.sweetim.com
mURLSearchHooks: H - No File
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4ABD3CBD-6269-4A28-8E91-F08512208658} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\fun4im\plugins\ie\ieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [aHvFmtjxlhgIe.exe] c:\docume~1\******~1\locals~1\temp\aHvFmtjxlhgIe.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [snuvcdsm] c:\windows\snuvcdsm.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [AMService] c:\windows\system32\setup.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\******~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2010-5-6 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2010-5-6 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2010-5-6 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-5-6 312400]
R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\fun4im\Bandoo.exe [2010-11-23 1938880]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-5-6 260640]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-5-6 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-6 60456]
R3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-2-1 305520]
S2 AMService;AMService;c:\windows\temp\lrtj\setup.exe run --> c:\windows\temp\lrtj\setup.exe run [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 135664]
S2 kroover;kroover; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-6 1691480]

=============== Created Last 30 ================

2010-12-30 21:16:37 -------- d-----w- c:\docume~1\******~1\applic~1\Malwarebytes
2010-12-30 21:16:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 21:16:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-30 21:16:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-30 21:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 18:12:45 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cf333929-acec-466d-ba2e-2cb58bc1e3f9}\mpengine.dll
2010-12-29 18:12:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-29 17:59:55 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-19 21:42:38 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-12-19 21:42:38 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-12-19 21:42:38 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-12-19 21:42:37 -------- d-----w- c:\program files\AML Products
2010-12-19 14:33:00 -------- d-----w- c:\docume~1\******~1\locals~1\applic~1\Temp
2010-12-18 11:09:12 -------- d-----w- c:\docume~1\******~1\applic~1\Yboza
2010-12-13 18:01:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85DB8566]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85dbe624]; MOV EAX, [0x85dbe6a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x85DFF030]
3 CLASSPNP[0xF768DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008c[0x867DB838]
5 ACPI[0xF74A4620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86754028]
\Driver\iaStor[0x867493A0] -> IRP_MJ_CREATE -> 0x85DB8566
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600BEVT-22A23T0__________________01.01A01#4&36fb52f8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x85DB83B2
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:17:56.21 ===============