
Solved Trojans found on daughter's computer

Discussion in 'Malware and Virus Removal Archive' started by trub, 2009/10/14.

  1. 2009/10/14
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    [Resolved] Trojans found on daughter's computer

    I ran Malwarebytes and found some junk. Will post the DDS and Malwarebytes logs. Appreciate the help in advance.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-13.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/29/2009 12:16:47 PM
    System Uptime: 10/14/2009 1:02:14 AM (2 hours ago)

    Motherboard: Acer | | Aspire 4736Z
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | uPGA-478 | 1200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 221 GiB total, 185.284 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP142: 10/14/2009 12:35:18 AM - Windows Vista™ Service Pack 2

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Arcade Deluxe
    Acer Assist
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer eRecovery Management
    Acer GridVista
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Agere Systems HDA Modem
    Airport Mania First Flight
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Antivirus
    Backup Manager Basic
    Bonjour
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania 2
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Cooking Dash
    Cradle of Rome
    Dairy Dash
    Dream Day Honeymoon
    eSobi v2
    Galapago
    Google Desktop
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 15
    Jewel Quest Solitaire
    Junk Mail filter update
    Launch Manager
    Luxor 2
    Mahjong Escape Ancient China
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Works
    Mozilla Firefox (3.5.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MyWinLocker
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Ocean Express
    Orion
    Parking Dash
    Puzzle Express
    QuickTime
    Rainbow Web
    RealPlayer
    Realtek High Definition Audio Driver
    Skype web features
    Skype™ 4.1
    Synaptics Pointing Device Driver
    Tradewinds 2
    Tri-Peaks Solitaire To Go
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB946691)
    Wedding Dash
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! BrowserPlus
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    10/14/2009 12:40:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Vista Service Pack 2 (KB948465).
    10/14/2009 1:01:18 AM, Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/14/2009 1:01:18 AM, Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/14/2009 1:01:18 AM, Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/14/2009 1:01:18 AM, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/10/2009 2:02:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service.

    ==== End Of File ===========================


    DDS (Ver_09-10-13.01) - NTFSx86
    Run by Laci Ryan at 3:42:57.30 on Wed 10/14/2009
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1696 [GMT -4:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Users\LACIRY~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\PLFSetI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Laci Ryan\Downloads\dds(5).scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
    mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe "
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe "
    mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe "
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe "
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [QuickTime Plugin Install] c:\program files\quicktime\plugins\DeleteMe1.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\laciry~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\laciry~1\appdata\roaming\mozilla\firefox\profiles\f08maq6d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\laci ryan\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-14 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-14 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-14 53328]
    R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-5-29 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-5-22 666144]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-3-20 44800]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-22 112128]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-22 112992]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys [2009-5-22 48128]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-14 38224]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-22 24064]
    S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-5-22 517120]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-9-3 110576]

    =============== Created Last 30 ================

    2009-10-14 01:13 <DIR> --d----- c:\users\laciry~1\appdata\roaming\Malwarebytes
    2009-10-14 01:13 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-14 01:13 <DIR> --d----- c:\programdata\Malwarebytes
    2009-10-14 01:13 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-10-14 01:13 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-10-14 01:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-10-14 01:00 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
    2009-10-14 00:46 <DIR> --d----- c:\windows\system32\eu-ES
    2009-10-14 00:46 <DIR> --d----- c:\windows\system32\ca-ES
    2009-10-14 00:46 <DIR> --d----- c:\windows\system32\vi-VN
    2009-10-14 00:34 <DIR> --d----- c:\windows\system32\EventProviders
    2009-10-04 13:37 195,440 -------- c:\windows\system32\MpSigStub.exe
    2009-10-02 17:16 25 a------- c:\windows\cdplayer.ini
    2009-10-02 17:15 <DIR> --d----- c:\program files\common files\xing shared
    2009-10-02 17:15 <DIR> --d----- c:\programdata\Real
    2009-10-02 17:15 <DIR> --d----- c:\program files\common files\Real
    2009-10-01 22:18 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-10-01 22:18 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-10-01 22:18 <DIR> --d----- c:\program files\iPod
    2009-10-01 22:18 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-01 22:18 <DIR> --d----- c:\program files\iTunes
    2009-10-01 22:18 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-27 11:55 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-09-19 09:55 <DIR> --d----- c:\program files\HP DeskJet 720C Series
    2009-09-16 20:00 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
    2009-09-16 20:00 1,081,344 a------- c:\windows\system32\SLCExt.dll
    2009-09-16 20:00 3,408,896 a------- c:\windows\system32\SLsvc.exe
    2009-09-16 19:58 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
    2009-09-16 19:57 1,053,696 a------- c:\windows\system32\msdtctm.dll
    2009-09-16 19:56 273,920 a------- c:\windows\system32\wow32.dll
    2009-09-16 19:55 7,168 a------- c:\windows\system32\f3ahvoas.dll

    ==================== Find3M ====================

    2009-10-14 00:51 143,360 a------- c:\windows\inf\infstrng.dat
    2009-10-14 00:51 86,016 a------- c:\windows\inf\infstor.dat
    2009-10-14 00:51 51,200 a------- c:\windows\inf\infpub.dat
    2009-10-14 00:46 665,600 a------- c:\windows\inf\drvindex.dat
    2009-09-06 17:12 56 a---h--- c:\programdata\ezsidmv.dat
    2009-09-06 17:12 56 a---h--- c:\progra~2\ezsidmv.dat
    2009-09-03 22:28 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
    2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
    2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
    2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
    2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
    2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
    2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
    2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
    2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
    2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
    2009-07-18 07:35 828,416 a------- c:\windows\system32\wininet.dll
    2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
    2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 3:44:07.46 ===============
     
    trub,
    #1
  2. 2009/10/14
    trub Lifetime Subscription
    Malwarebytes full scan results.

    Windows 6.0.6002 Service Pack 2

    10/14/2009 3:28:23 AM
    mbam-log-2009-10-14 (03-28-10).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 213288
    Time elapsed: 1 hour(s), 54 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\partner service (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> No action taken.
    C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> No action taken.

    Quick scan results.

    Malwarebytes' Anti-Malware 1.41
    Database version: 2955
    Windows 6.0.6002 Service Pack 2

    10/14/2009 3:53:34 AM
    mbam-log-2009-10-14 (03-53-28).txt

    Scan type: Quick Scan
    Objects scanned: 88612
    Time elapsed: 6 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)
     
    trub,
    #2


  4. 2009/10/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    "No action taken" in the MBAM log means you didn't take any action.
    Please re-run and make sure you fix the problems.

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  5. 2009/10/14
    trub Lifetime Subscription
    Thanks, I will re-run the Malwarebytes scan. Can you refresh my memory as to how to get ComboFix from the download list in Firefox to the desktop?

    Thanks again
     
    trub,
    #4
  6. 2009/10/14
    trub Lifetime Subscription
    Same thing for HijackThis. I am not remembering how to get them saved to the desktop.

    Thanks a bunch!
     
    trub,
    #5
  7. 2009/10/14
    broni
    Tools>Options>Main tab>Save files to...
     
  8. 2009/10/14
    trub Lifetime Subscription
    Got HijackThis, just need ComboFix to the desktop.
     
    trub,
    #7
  9. 2009/10/14
    trub Lifetime Subscription
    I now have them both on the desktop. Will get you the scans ASAP.

    Cannot thank you enough.
     
    trub,
    #8
  10. 2009/10/14
    broni
    :)...
     
  11. 2009/10/14
    trub Lifetime Subscription
    Malwarebytes' Anti-Malware 1.41
    Database version: 2962
    Windows 6.0.6002 Service Pack 2

    10/14/2009 2:20:45 PM
    mbam-log-2009-10-14 (14-20-45).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 216358
    Time elapsed: 1 hour(s), 14 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.
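The Malwarebytes log above is a textbook footprint for an Internet Explorer Browser Helper Object: the COM class under HKCR\CLSID, the Browser Helper Objects key IE reads at startup, IE's per-user add-on record under Ext\Stats, a TypeLib and a ProgID (kt_bho.KettleBho), a service registered in ControlSet001, ControlSet002 and CurrentControlSet, and the two files in C:\ProgramData\Partner. The script below is an added example written for this page, not Malwarebytes code: it parses those log lines and checks that each BHO CLSID was hit at every point IE needs to load it, that the service was removed from every control set, and that no detection was left in a non-removed state. The log text embedded in it is copied from the post above; the regular expressions, point names and function names are mine.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and check that a Trojan.BHO's
registration footprint was removed everywhere IE would look for it.
Added example for this thread; not Malwarebytes code."""
import re
from collections import defaultdict

# The two artifact-bearing sections of the Malwarebytes log posted above, verbatim.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<threat name>) -> <action taken>"
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
SERVICE_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)$", re.I)

# Where a BHO is registered.  CLSID and BHO are both required for IE to load it;
# Ext\Stats is IE's per-user Add-on Manager record.  TypeLib/ProgID are COM extras.
BHO_POINTS = {
    "CLSID":    re.compile(r"^HKEY_CLASSES_ROOT\\CLSID\\\{", re.I),
    "BHO":      re.compile(r"\\Explorer\\Browser Helper Objects\\\{", re.I),
    "ExtStats": re.compile(r"\\CurrentVersion\\Ext\\Stats\\\{", re.I),
}
REQUIRED_POINTS = {"CLSID", "BHO"}


def parse_mbam_log(text):
    """Return [(section, path, threat, action)] for every detection line."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):            # e.g. "Registry Keys Infected:"
            section = line[:-1]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append((section, m["path"], m["threat"], m["action"]))
    return entries


def bho_footprint(entries):
    """Map each CLSID GUID to the IE registration points the scanner hit."""
    found = defaultdict(set)
    for section, path, _, _ in entries:
        g = GUID_RE.search(path)
        if section != "Registry Keys Infected" or not g:
            continue
        for point, pat in BHO_POINTS.items():
            if pat.search(path):
                found[g.group(0).lower()].add(point)
    return dict(found)


def incomplete_bhos(footprint):
    """GUIDs hit at only some required points: a half-removed BHO whose remaining
    key still tells IE (or COM) to look for code that is gone."""
    return {g: REQUIRED_POINTS - pts for g, pts in footprint.items()
            if not REQUIRED_POINTS <= pts}


def service_footprint(entries):
    """Map each service name to the control sets it was removed from.  A copy left
    in the other ControlSetNNN is the Last Known Good configuration and would
    bring the service back if the machine were booted into it."""
    found = defaultdict(set)
    for section, path, _, _ in entries:
        m = SERVICE_RE.match(path)
        if section == "Registry Keys Infected" and m:
            found[m.group(2).lower()].add(m.group(1))
    return dict(found)


def not_removed(entries):
    """Detections whose action was anything other than a successful removal."""
    return [(p, a) for _, p, _, a in entries
            if not a.startswith("Quarantined and deleted successfully")]


def files(entries):
    return [p for s, p, _, _ in entries if s == "Files Infected"]


if __name__ == "__main__":
    e = parse_mbam_log(MBAM_LOG)
    print("detections:", len(e))
    print("BHO footprint:", bho_footprint(e))
    print("half-removed BHOs:", incomplete_bhos(bho_footprint(e)))
    print("service control sets:", service_footprint(e))
    print("files:", files(e))
    print("still present:", not_removed(e))
```

For this log the check comes back clean: the one CLSID was hit at CLSID, BHO and ExtStats, the service was removed from all three control sets, and every action reads "Quarantined and deleted successfully". The same functions run unchanged over a full MBAM 1.x log, since the summary counts ("Registry Keys Infected: 8") do not end in "Infected:" and are skipped.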
     
  12. 2009/10/14
    trub (Thread Starter)
    ComboFix 09-10-13.04 - Laci Ryan 10/14/2009 14:33.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1906 [GMT -4:00]
    Running from: c:\users\Laci Ryan\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-358480402-2928177412-2907725623-500
    c:\$recycle.bin\S-1-5-21-4039676761-4287888987-4221616663-500
    c:\windows\Installer\6fc80.msi
    c:\windows\Suyin.reg

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
    .

    2009-10-14 18:42 . 2009-10-14 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-14 17:12 . 2009-10-14 17:12 -------- d-----w- c:\program files\Trend Micro
    2009-10-14 16:09 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-10-14 15:51 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-14 15:51 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-14 15:50 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-14 15:48 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-14 15:48 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-14 15:47 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-14 07:59 . 2009-10-14 07:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-10-14 07:59 . 2009-10-14 07:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-10-14 07:59 . 2009-10-14 07:59 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\SUPERAntiSpyware.com
    2009-10-14 07:58 . 2009-10-14 07:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-14 05:13 . 2009-10-14 05:13 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Malwarebytes
    2009-10-14 05:13 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-14 05:13 . 2009-10-14 05:13 -------- d-----w- c:\programdata\Malwarebytes
    2009-10-14 05:13 . 2009-10-14 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-14 05:13 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-14 05:01 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-10-14 05:01 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-10-14 05:01 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-10-14 05:01 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-10-14 05:01 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-10-14 05:00 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
    2009-10-14 05:00 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-10-14 05:00 . 2009-10-14 05:00 -------- d-----w- c:\program files\Alwil Software
    2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\windows\system32\ca-ES
    2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\windows\system32\eu-ES
    2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\windows\system32\vi-VN
    2009-10-14 04:34 . 2009-10-14 04:34 -------- d-----w- c:\windows\system32\EventProviders
    2009-10-08 15:28 . 2009-10-08 15:28 -------- d-----w- c:\users\Laci Ryan\AppData\Local\Yahoo!
    2009-10-04 17:37 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-02 21:15 . 2009-10-02 21:15 -------- d-----w- c:\program files\Common Files\xing shared
    2009-10-02 21:15 . 2009-10-02 21:15 -------- d-----w- c:\program files\Real
    2009-10-02 21:15 . 2009-10-02 21:15 -------- d-----w- c:\program files\Common Files\Real
    2009-10-02 02:18 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-10-02 02:18 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-10-02 02:18 . 2009-10-02 02:18 -------- d-----w- c:\program files\iPod
    2009-10-02 02:18 . 2009-10-02 02:18 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-02 02:18 . 2009-10-02 02:18 -------- d-----w- c:\program files\iTunes
    2009-09-27 15:55 . 2009-10-08 16:25 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-20 21:45 . 2009-09-20 21:46 -------- d-----w- c:\users\Laci Ryan\AppData\Local\Adobe
    2009-09-19 13:55 . 2009-09-19 14:24 -------- d-----w- c:\program files\HP DeskJet 720C Series
    2009-09-17 00:00 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
    2009-09-17 00:00 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
    2009-09-17 00:00 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
    2009-09-16 23:58 . 2009-04-11 06:28 324608 ----a-w- c:\windows\system32\sdohlp.dll
    2009-09-16 23:57 . 2009-04-11 06:28 344064 ----a-w- c:\windows\system32\msrd3x40.dll
    2009-09-16 23:56 . 2009-04-11 06:28 273920 ----a-w- c:\windows\system32\wow32.dll
    2009-09-16 23:55 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
    2009-09-16 23:55 . 2009-04-11 04:27 2560 ----a-w- c:\windows\system32\msimsg.dll
    2009-09-16 23:55 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2009-09-16 23:55 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2009-09-16 23:55 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2009-09-16 23:55 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2009-09-16 23:55 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2009-09-16 23:55 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-09-16 23:55 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2009-09-16 23:55 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2009-09-16 23:55 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2009-09-16 23:55 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2009-09-16 23:55 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-14 18:24 . 2009-09-06 21:10 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Skype
    2009-10-14 18:20 . 2009-09-03 19:23 -------- d-----w- c:\programdata\Partner
    2009-10-14 16:06 . 2009-09-06 21:12 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\skypePM
    2009-10-14 16:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-10-08 14:52 . 2009-09-03 17:36 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Apple Computer
    2009-10-02 02:18 . 2009-09-03 17:34 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-02 02:16 . 2009-09-03 17:34 -------- d-----w- c:\program files\QuickTime
    2009-09-10 00:06 . 2009-09-09 23:57 -------- d-----w- c:\program files\Java
    2009-09-06 21:12 . 2009-09-06 21:12 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-09-06 21:10 . 2009-09-06 21:09 -------- d-----r- c:\program files\Skype
    2009-09-06 21:09 . 2009-09-06 21:09 -------- d-----w- c:\program files\Common Files\Skype
    2009-09-06 21:09 . 2009-09-06 21:09 -------- d-----w- c:\programdata\Skype
    2009-09-06 04:39 . 2009-09-03 17:33 -------- d-----w- c:\programdata\Apple
    2009-09-05 18:25 . 2009-09-05 18:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
    2009-09-04 02:31 . 2009-09-04 02:28 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\U3
    2009-09-04 02:28 . 2009-09-04 02:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-09-03 20:22 . 2009-05-23 02:04 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-03 19:25 . 2009-09-03 19:25 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\PowerCinema
    2009-09-03 19:25 . 2009-09-03 19:25 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Leadertech
    2009-09-03 19:25 . 2009-09-03 19:25 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Acer
    2009-09-03 19:24 . 2009-09-03 19:24 70176 ----a-w- c:\users\Laci Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-09-03 19:22 . 2009-05-23 02:22 -------- d-----w- c:\program files\Acer
    2009-09-03 17:36 . 2009-09-03 17:36 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-09-03 17:36 . 2009-09-03 17:34 -------- d-----w- c:\programdata\Apple Computer
    2009-09-03 17:35 . 2009-09-03 17:35 -------- d-----w- c:\program files\Bonjour
    2009-09-03 17:34 . 2009-09-03 17:34 -------- d-----w- c:\program files\Apple Software Update
    2009-09-03 16:51 . 2009-09-03 16:51 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\AVG8
    2009-09-03 16:37 . 2009-09-03 16:37 0 ----a-w- c:\windows\nsreg.dat
    2009-09-03 16:33 . 2009-05-23 02:26 -------- d-----w- c:\programdata\McAfee
    2009-09-03 16:32 . 2009-05-23 02:09 -------- d-----w- c:\program files\Google
    2009-08-29 00:27 . 2009-09-03 20:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-03 20:10 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-27 05:22 . 2009-10-14 16:10 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-14 16:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-14 16:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-14 16:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-14 16:27 . 2009-09-09 20:46 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 20:46 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 20:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 20:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 20:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-05 10:18 . 2009-08-05 10:18 48640 ----a-w- c:\windows\system32\drivers\L1E60x86.sys
    2009-07-25 09:23 . 2009-09-09 23:58 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 13:54 . 2009-09-03 20:12 71680 ----a-w- c:\windows\system32\atl.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-10-27 19:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-23 24064]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-20 249600]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-03-11 715296]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-02-19 156968]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-02-19 202024]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-02-06 173288]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2009-10-02 86016]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    c:\users\Laci Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):81,b0,0f,1b,8a,4c,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6BA545FE-4618-414D-B094-E551F16EBE32}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DE53C97D-49BF-4906-A9EC-0DF0AE1B1BD9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2E6F239A-2405-4909-BB68-15AB47D59964}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{B4CEE239-4639-4A40-9A86-2F931FB082B9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{884A61DA-4A14-4FD5-BE98-6D0A76CCD30C}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{0A6446AB-6CC4-4377-8D17-4E9B350192B3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{14EDB424-717C-4533-980D-7EEED8727302}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{CB4A4E21-4B1D-4A18-934A-FA3CC4F51390}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{4BA31E88-E587-4EC8-A070-6423A7F362A6}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{A0C6663B-88B6-4211-9461-62ED2CE2AEFA}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{31B08116-E1E0-4ED9-8793-507C6E65D47F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{5BAE6789-013B-4900-8C4B-FF185DA0EDAD}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{9F34E05F-347A-41B3-95FA-6962B0BF1313}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{0E2D640E-62A6-47CC-B917-D7C593D664A3}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{99BC915F-2B29-4F9E-B5E4-4E6C19706039}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{504D9534-E9BD-444C-BE47-069BCB01C321}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{F4F3DCBB-306D-404B-8BCC-8984393051AF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{09115104-73CA-43A9-A282-906BA32E36D8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3473CE72-CA19-48F3-91E5-EC06360306FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{396E55BF-ED01-4DDE-A1A3-0EA3886BC71C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{9DE7093F-7906-4F98-83F1-0215646222CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{0B3EE3AC-1290-41F5-BE86-DA66385A8E7C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{F8CDFF06-F994-4D97-9ACE-1A686D272B98}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/14/2009 1:01 AM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/14/2009 1:01 AM 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/14/2009 1:00 AM 53328]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [5/29/2009 12:29 PM 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [5/22/2009 10:22 PM 666144]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [10/9/2008 7:47 PM 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [10/9/2008 7:47 PM 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [10/9/2008 7:47 PM 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10/27/2008 3:05 PM 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [3/20/2009 1:14 PM 44800]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [9/23/2008 5:11 PM 144632]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [5/22/2009 8:56 PM 112128]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [5/22/2009 8:56 PM 112992]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [8/5/2009 6:18 AM 48640]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/22/2009 10:09 PM 24064]
    S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [5/22/2009 8:56 PM 517120]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [9/23/2008 5:11 PM 50424]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Laci Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\f08maq6d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Laci Ryan\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-14 14:42
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2009-10-14 14:44
    ComboFix-quarantined-files.txt 2009-10-14 18:44

    Pre-Run: 196,567,490,560 bytes free
    Post-Run: 196,971,679,744 bytes free

    283 --- E O F --- 2009-10-14 16:11
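ComboFix's "Reg Loading Points" section is worth reading for *how* each item loads, not only *what* loads: a DLL in AppInit_DLLs is mapped into every process that loads user32.dll, a ShellExecuteHooks entry runs on every ShellExecute, and a Winlogon\Notify DLL runs inside winlogon, so those entries deserve a look before the ordinary Run keys do. The script below is an added example for this thread, not ComboFix's own code. It parses a handful of the lines posted above, ranks each autostart by loading mechanism and by whether it runs from a folder a standard user can write to, and prints the result. Every real entry it scores is legitimate software on this machine; the single "partner" Run line is constructed (the real files had already been quarantined by Malwarebytes, and its size is made up) to show how a loader under ProgramData would surface. The weights and the folder list are my heuristics, not anything ComboFix reports, and a high score means "look at this first", not "this is malware".

```python
"""Rank the autostart entries in a ComboFix "Reg Loading Points" section by how
much review they deserve.  Added example for this thread, not ComboFix's own code.
The score is a heuristic about *how* and *from where* something loads; it is not
a malware verdict (every real entry below is legitimate software)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Lines copied from the ComboFix log posted above.  The "partner" Run entry is
# CONSTRUCTED (the real files were already quarantined by Malwarebytes) to show
# how a loader living under ProgramData would surface; its size is made up.
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"partner"="c:\programdata\Partner\partner.exe" [2009-09-03 12345]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/14/2009 1:01 AM 114768]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [5/22/2009 8:56 PM 517120]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?:\s\[(?P<meta>[^\]]*)\])?$")

# How far-reaching the load point is.  AppInit_DLLs and Winlogon\Notify put a DLL
# into many or privileged processes; a Run key starts one program for one user.
MECHANISM_WEIGHT = {
    "appinit_dlls": 3,
    "winlogon_notify": 3,
    "shellexecutehooks": 2,
    "shelliconoverlayidentifiers": 2,
    "driver_running": 2,   # R* lines: kernel-mode code that is already loaded
    "driver_stopped": 1,   # S* lines: kernel-mode code loaded on demand
    "run": 1,
}
# Folders a standard user can create files in: a loader here needed no admin rights.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\")


@dataclass
class Autostart:
    mechanism: str
    name: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def mechanism_for(key: str, name: str) -> str:
    k = key.lower()
    if name.lower() == "appinit_dlls":
        return "appinit_dlls"
    if "\\winlogon\\notify" in k:
        return "winlogon_notify"
    if "\\shellexecutehooks" in k:
        return "shellexecutehooks"
    if "\\shelliconoverlayidentifiers" in k:
        return "shelliconoverlayidentifiers"
    return "run"


def parse_loading_points(text: str) -> list[Autostart]:
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := SERVICE_RE.match(line):
            mech = "driver_running" if m["start"][0] == "R" else "driver_stopped"
            entries.append(Autostart(mech, m["name"], m["path"].strip()))
        elif (m := VALUE_RE.match(line)) and key:
            entries.append(Autostart(mechanism_for(key, m["name"]), m["name"], m["path"].strip()))
    return entries


def score(entry: Autostart) -> Autostart:
    entry.score = MECHANISM_WEIGHT[entry.mechanism]
    entry.reasons.append(f"loads via {entry.mechanism}")
    if any(p in entry.path.lower() for p in USER_WRITABLE):
        entry.score += 3
        entry.reasons.append("runs from a user-writable folder")
    return entry


def triage(text: str) -> list[Autostart]:
    """Parsed entries, highest review priority first (ties broken by name)."""
    return sorted((score(e) for e in parse_loading_points(text)),
                  key=lambda e: (-e.score, e.name.lower()))


if __name__ == "__main__":
    for e in triage(COMBOFIX_EXCERPT):
        print(f"{e.score}  {e.mechanism:<28} {e.name:<40} {e.path}  ({'; '.join(e.reasons)})")
```

Run as-is, the constructed ProgramData entry lands on top (Run key plus user-writable folder), the AppInit_DLLs entry second, then the ShellExecuteHooks DLL and the running avast! driver, and the ordinary Run entries last. On a real log you would review in that order, checking each file's publisher signature and install date against what the owner actually installed.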
     
  13. 2009/10/14
    trub (Thread Starter)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:51:33 PM, on 10/14/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\LACIRY~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    --
    End of file - 10611 bytes
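    The HijackThis log above is a flat text format that is easy to triage mechanically: every line starts with a section code (O2 = browser helper objects, O4 = Run keys, O18 = protocol handlers, O20 = AppInit_DLLs / Winlogon Notify, O23 = services) followed by a name, an optional CLSID and the file the entry points to. The script below is an added example, not part of the original thread or of the HijackThis tool. It parses a handful of lines copied from the log above and pulls out two things a reviewer looks for first: registrations that point at "(no file)" (orphaned BHOs and protocol handlers left behind by uninstalled software, such as the WormRadar and linkscanner entries in this log) and load points in the AppInit_DLLs / Winlogon Notify slots, which get loaded into many processes and deserve a look regardless of what they name. The `Entry` class, the function names and the `REVIEW_KINDS` set are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log posted above (a subset, used as
# constructed test input for this example).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")           # "O2 - <rest>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # "{GUID}" token
# Load points that are injected into many processes; always worth a manual look.
REVIEW_KINDS = {"AppInit_DLLs", "Winlogon Notify"}


@dataclass
class Entry:
    section: str            # e.g. "O2", "O4", "O23"
    kind: str               # e.g. "BHO", "HKLM\..\Run", "Service"
    name: str               # display name (or "" when the line has none)
    target: str             # file path / command line, or "(no file)"
    clsid: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    kind, _, body = rest.partition(": ")
    if section == "O4":
        # Run-key entries look like "[Name] command line"
        bm = re.match(r"\[(.*?)\]\s*(.*)", body)
        name, target = (bm.group(1), bm.group(2)) if bm else ("", body)
        return Entry(section, kind, name, target)
    cm = CLSID_RE.search(body)
    if cm:
        # COM-style entries: "Name - {CLSID} - path"
        return Entry(section, kind, body[:cm.start()].rstrip(" -"),
                     body[cm.end():].lstrip(" -"), cm.group(0))
    # Everything else: "Name - vendor - path" or just "path"; the path is last.
    parts = [p.strip() for p in body.split(" - ")]
    name = parts[0] if len(parts) > 1 else ""
    return Entry(section, kind, name, parts[-1])


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registrations whose target no longer exists on disk."""
    return [e for e in entries if e.target.strip().lower() == "(no file)"]


def review_worthy(entries: List[Entry]) -> List[Entry]:
    """Entries in load points that affect many processes (see REVIEW_KINDS)."""
    return [e for e in entries if e.kind in REVIEW_KINDS]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for e in orphaned(found):
        print(f"orphan  {e.section} {e.kind}: {e.name} {e.clsid or ''}")
    for e in review_worthy(found):
        print(f"review  {e.section} {e.kind}: {e.target}")
```

    On the sample above this reports the two orphaned BHOs and the orphaned linkscanner protocol handler, plus the Google Desktop AppInit_DLLs entry for review; entries that resolve to a real file under a known vendor path are left alone, which is what makes the output short enough to act on.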
     
  14. 2009/10/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\ezsidmv.dat
    c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    
    
    Folder::
    C:\$AVG8.VAULT$
    c:\users\Laci Ryan\AppData\Roaming\AVG8
    c:\programdata\McAfee
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  15. 2009/10/14
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Thanks I will post asap.
     
  16. 2009/10/14
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    ComboFix 09-10-13.04 - Laci Ryan 10/14/2009 15:51.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1767 [GMT -4:00]
    Running from: c:\users\Laci Ryan\Desktop\ComboFix.exe
    Command switches used :: c:\users\Laci Ryan\Desktop\CFScript.txt
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\programdata\ezsidmv.dat"
    "c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$AVG8.VAULT$
    c:\$avg8.vault$\V_00000001.fil
    c:\$avg8.vault$\V_00000002.fil
    c:\$avg8.vault$\V_00000003.fil
    c:\$avg8.vault$\V_00000004.fil
    c:\$avg8.vault$\vvfolder.idx
    c:\programdata\ezsidmv.dat
    c:\programdata\McAfee
    c:\programdata\McAfee\MSC\Cache\McSubDB.Bak
    c:\programdata\McAfee\MSC\mcifolog.log
    c:\programdata\McAfee\MSC\mcini.ini
    c:\programdata\McAfee\MSC\McSubDB.Dat
    c:\users\Laci Ryan\AppData\Roaming\AVG8
    c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
    .

    2009-10-14 20:01 . 2009-10-14 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-14 20:01 . 2009-10-14 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-14 17:12 . 2009-10-14 17:12 -------- d-----w- c:\program files\Trend Micro
    2009-10-14 16:09 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-10-14 15:51 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-14 15:51 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-14 15:50 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-14 15:48 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-14 15:48 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-14 15:47 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-14 07:59 . 2009-10-14 07:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-10-14 07:59 . 2009-10-14 07:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-10-14 07:59 . 2009-10-14 07:59 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\SUPERAntiSpyware.com
    2009-10-14 07:58 . 2009-10-14 07:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-14 05:13 . 2009-10-14 05:13 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Malwarebytes
    2009-10-14 05:13 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-14 05:13 . 2009-10-14 05:13 -------- d-----w- c:\programdata\Malwarebytes
    2009-10-14 05:13 . 2009-10-14 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-14 05:13 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-14 05:01 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-10-14 05:01 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-10-14 05:01 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-10-14 05:01 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-10-14 05:01 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-10-14 05:00 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
    2009-10-14 05:00 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-10-14 05:00 . 2009-10-14 05:00 -------- d-----w- c:\program files\Alwil Software
    2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\windows\system32\ca-ES
    2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\windows\system32\eu-ES
    2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\windows\system32\vi-VN
    2009-10-14 04:34 . 2009-10-14 04:34 -------- d-----w- c:\windows\system32\EventProviders
    2009-10-08 15:28 . 2009-10-08 15:28 -------- d-----w- c:\users\Laci Ryan\AppData\Local\Yahoo!
    2009-10-04 17:37 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-02 21:15 . 2009-10-02 21:15 -------- d-----w- c:\program files\Common Files\xing shared
    2009-10-02 21:15 . 2009-10-02 21:15 -------- d-----w- c:\program files\Real
    2009-10-02 21:15 . 2009-10-02 21:15 -------- d-----w- c:\program files\Common Files\Real
    2009-10-02 02:18 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-10-02 02:18 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-10-02 02:18 . 2009-10-02 02:18 -------- d-----w- c:\program files\iPod
    2009-10-02 02:18 . 2009-10-02 02:18 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-02 02:18 . 2009-10-02 02:18 -------- d-----w- c:\program files\iTunes
    2009-09-20 21:45 . 2009-09-20 21:46 -------- d-----w- c:\users\Laci Ryan\AppData\Local\Adobe
    2009-09-19 13:55 . 2009-09-19 14:24 -------- d-----w- c:\program files\HP DeskJet 720C Series
    2009-09-17 00:00 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
    2009-09-17 00:00 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
    2009-09-17 00:00 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
    2009-09-16 23:58 . 2009-04-11 06:28 324608 ----a-w- c:\windows\system32\sdohlp.dll
    2009-09-16 23:57 . 2009-04-11 06:28 344064 ----a-w- c:\windows\system32\msrd3x40.dll
    2009-09-16 23:56 . 2009-04-11 06:28 273920 ----a-w- c:\windows\system32\wow32.dll
    2009-09-16 23:55 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
    2009-09-16 23:55 . 2009-04-11 04:27 2560 ----a-w- c:\windows\system32\msimsg.dll
    2009-09-16 23:55 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2009-09-16 23:55 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2009-09-16 23:55 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2009-09-16 23:55 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2009-09-16 23:55 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2009-09-16 23:55 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-09-16 23:55 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2009-09-16 23:55 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2009-09-16 23:55 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2009-09-16 23:55 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2009-09-16 23:55 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-14 19:49 . 2009-09-06 21:10 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Skype
    2009-10-14 18:20 . 2009-09-03 19:23 -------- d-----w- c:\programdata\Partner
    2009-10-14 16:06 . 2009-09-06 21:12 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\skypePM
    2009-10-14 16:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-10-14 04:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-10-08 14:52 . 2009-09-03 17:36 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Apple Computer
    2009-10-02 02:18 . 2009-09-03 17:34 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-02 02:16 . 2009-09-03 17:34 -------- d-----w- c:\program files\QuickTime
    2009-09-10 00:06 . 2009-09-09 23:57 -------- d-----w- c:\program files\Java
    2009-09-06 21:10 . 2009-09-06 21:09 -------- d-----r- c:\program files\Skype
    2009-09-06 21:09 . 2009-09-06 21:09 -------- d-----w- c:\program files\Common Files\Skype
    2009-09-06 21:09 . 2009-09-06 21:09 -------- d-----w- c:\programdata\Skype
    2009-09-06 04:39 . 2009-09-03 17:33 -------- d-----w- c:\programdata\Apple
    2009-09-05 18:25 . 2009-09-05 18:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
    2009-09-04 02:31 . 2009-09-04 02:28 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\U3
    2009-09-03 20:22 . 2009-05-23 02:04 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-03 19:25 . 2009-09-03 19:25 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\PowerCinema
    2009-09-03 19:25 . 2009-09-03 19:25 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Leadertech
    2009-09-03 19:25 . 2009-09-03 19:25 -------- d-----w- c:\users\Laci Ryan\AppData\Roaming\Acer
    2009-09-03 19:24 . 2009-09-03 19:24 70176 ----a-w- c:\users\Laci Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-09-03 19:22 . 2009-05-23 02:22 -------- d-----w- c:\program files\Acer
    2009-09-03 17:36 . 2009-09-03 17:36 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-09-03 17:36 . 2009-09-03 17:34 -------- d-----w- c:\programdata\Apple Computer
    2009-09-03 17:35 . 2009-09-03 17:35 -------- d-----w- c:\program files\Bonjour
    2009-09-03 17:34 . 2009-09-03 17:34 -------- d-----w- c:\program files\Apple Software Update
    2009-09-03 16:37 . 2009-09-03 16:37 0 ----a-w- c:\windows\nsreg.dat
    2009-09-03 16:32 . 2009-05-23 02:09 -------- d-----w- c:\program files\Google
    2009-08-29 00:27 . 2009-09-03 20:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-03 20:10 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-27 05:22 . 2009-10-14 16:10 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-14 16:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-14 16:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-14 16:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-14 16:27 . 2009-09-09 20:46 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 20:46 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 20:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 20:46 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 20:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 20:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-05 10:18 . 2009-08-05 10:18 48640 ----a-w- c:\windows\system32\drivers\L1E60x86.sys
    2009-07-25 09:23 . 2009-09-09 23:58 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 13:54 . 2009-09-03 20:12 71680 ----a-w- c:\windows\system32\atl.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-14_18.42.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-10-14 18:50 52104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-10-14 18:50 79886 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-09-03 19:23 . 2009-10-14 18:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-09-03 19:23 . 2009-10-14 19:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-09-03 19:23 . 2009-10-14 19:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-09-03 19:23 . 2009-10-14 18:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-09-03 19:23 . 2009-10-14 19:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-09-03 19:23 . 2009-10-14 18:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-09-03 19:23 . 2009-10-14 18:50 4280 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-358480402-2928177412-2907725623-1000_UserData.bin
    - 2009-10-14 18:22 . 2009-10-14 18:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-10-14 18:48 . 2009-10-14 18:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-14 18:22 . 2009-10-14 18:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-14 18:48 . 2009-10-14 18:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-10-14 18:54 595684 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-14 18:30 595684 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-14 18:54 101350 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-10-14 18:30 101350 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-10-27 19:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-23 24064]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-20 249600]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-03-11 715296]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-02-19 156968]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-02-19 202024]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-02-06 173288]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2009-10-02 86016]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    c:\users\Laci Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):81,b0,0f,1b,8a,4c,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6BA545FE-4618-414D-B094-E551F16EBE32}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DE53C97D-49BF-4906-A9EC-0DF0AE1B1BD9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2E6F239A-2405-4909-BB68-15AB47D59964}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{B4CEE239-4639-4A40-9A86-2F931FB082B9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{884A61DA-4A14-4FD5-BE98-6D0A76CCD30C}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{0A6446AB-6CC4-4377-8D17-4E9B350192B3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{14EDB424-717C-4533-980D-7EEED8727302}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{CB4A4E21-4B1D-4A18-934A-FA3CC4F51390}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{4BA31E88-E587-4EC8-A070-6423A7F362A6}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{A0C6663B-88B6-4211-9461-62ED2CE2AEFA}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{31B08116-E1E0-4ED9-8793-507C6E65D47F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{5BAE6789-013B-4900-8C4B-FF185DA0EDAD}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{9F34E05F-347A-41B3-95FA-6962B0BF1313}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{0E2D640E-62A6-47CC-B917-D7C593D664A3}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{99BC915F-2B29-4F9E-B5E4-4E6C19706039}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{504D9534-E9BD-444C-BE47-069BCB01C321}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{F4F3DCBB-306D-404B-8BCC-8984393051AF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{09115104-73CA-43A9-A282-906BA32E36D8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3473CE72-CA19-48F3-91E5-EC06360306FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{396E55BF-ED01-4DDE-A1A3-0EA3886BC71C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{9DE7093F-7906-4F98-83F1-0215646222CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{0B3EE3AC-1290-41F5-BE86-DA66385A8E7C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{F8CDFF06-F994-4D97-9ACE-1A686D272B98}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/14/2009 1:01 AM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/14/2009 1:01 AM 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/14/2009 1:00 AM 53328]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [5/29/2009 12:29 PM 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [5/22/2009 10:22 PM 666144]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [10/9/2008 7:47 PM 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [10/9/2008 7:47 PM 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [10/9/2008 7:47 PM 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10/27/2008 3:05 PM 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [3/20/2009 1:14 PM 44800]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [9/23/2008 5:11 PM 144632]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [5/22/2009 8:56 PM 112128]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [5/22/2009 8:56 PM 112992]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [8/5/2009 6:18 AM 48640]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/22/2009 10:09 PM 24064]
    S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [5/22/2009 8:56 PM 517120]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [9/23/2008 5:11 PM 50424]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Laci Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\f08maq6d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Laci Ryan\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-14 16:01
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\LACIRY~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2009-10-14 16:03
    ComboFix-quarantined-files.txt 2009-10-14 20:03
    ComboFix2.txt 2009-10-14 18:44

    Pre-Run: 196,695,052,288 bytes free
    Post-Run: 196,662,468,608 bytes free

    313 --- E O F --- 2009-10-14 16:11
     
  17. 2009/10/14
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:07:54 PM, on 10/14/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Users\LACIRY~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    --
    End of file - 10611 bytes
     
  18. 2009/10/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    ================================================================

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    Post fresh HijackThis log as well.
     
  19. 2009/10/14
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Dr.Web express found nothing. Will post logs when finished scanning.

    Thanks
     
  20. 2009/10/14
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    When Dr.Web finished it said that nothing was found. No log file or reports were created or even available for creation. I did however get a weird message upon closing Dr.Web that said viruses found but it flashed and then was gone. Bottom line several hours of scanning with no report to show for it. I will enclose a new HijackThis log but since nothing was fixed by Dr.Web I doubt that it will be different from the last.

    Thanks!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:43:23 PM, on 10/14/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Users\LACIRY~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\LACIRY~1\AppData\Local\Temp\dc20828622\68cj9g.exe
    C:\Users\LACIRY~1\AppData\Local\Temp\dc20828622\wh8amXP.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0509&m=aspire_4736z
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    --
    End of file - 10654 bytes
     
  21. 2009/10/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disable Windows Defender, as it'll interfere with cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    - O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)



    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    - O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    - O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
    - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    - O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    - O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    - O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
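    A triage helper for logs like the ones in posts 17 and 20, added here as an example; it is not part of the original thread and not code from HijackThis or the forum. It parses the HijackThis 2.0.2 format shown above and applies three checks an analyst makes by eye: executables running from user-writable directories such as AppData\Local\Temp (the two random-named binaries under Temp\dc20828622 in post 20 are the kind of hit this catches, and no Oxx line in the fix list covers a running process), registered CLSIDs whose file is missing (the O2 BHOs and the O18 protocol handler in the fix list), and O20 AppInit_DLLs / Winlogon Notify entries, which load into many or privileged processes and are always worth confirming by publisher. The embedded sample is an excerpt of the log in post 20; the directory list, the random-name heuristic and the flag names are this example's own choices, not a HijackThis convention. Every flag is a prompt to examine the file, not a verdict: vendor components do sometimes run from Temp.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the HijackThis v2.0.2 log from post 20 above,
# trimmed to the lines that matter for triage. Paths are reproduced as posted.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:23 PM, on 10/14/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\LACIRY~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\LACIRY~1\AppData\Local\Temp\dc20828622\68cj9g.exe
C:\Users\LACIRY~1\AppData\Local\Temp\dc20828622\wh8amXP.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Locations a standard user can write to without elevation (this example's own
# list, not a HijackThis setting). Installers put programs under Program Files
# or Windows; a binary executing from one of these was dropped by something
# running as the user, which is how most drive-by and e-mail payloads land.
USER_WRITABLE_RE = re.compile(
    r"\\appdata\\local\\temp\\|\\appdata\\roaming\\|\\windows\\temp\\|\\users\\[^\\]+\\downloads\\",
    re.IGNORECASE,
)

# "O2 - BHO: ...", "O18 - Protocol: ...", "R0 - HKCU..." and similar entry lines.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def looks_random(path):
    """True for short file stems mixing letters and digits (e.g. 68cj9g.exe).
    Heuristic only: it ranks hits for a human, it does not convict them."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return len(stem) <= 8 and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the Oxx/Rx entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # the blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body")))
    return processes, entries


def triage(text):
    """Return review flags keyed by reason. Each flag means: look at the file
    (publisher, hash, creation time), not: delete it."""
    processes, entries = parse_hjt(text)
    flags = defaultdict(list)
    for p in processes:
        if USER_WRITABLE_RE.search(p):
            flags["process_in_user_writable_dir"].append(p)
            if looks_random(p):
                flags["random_looking_name"].append(p)
    for section, body in entries:
        # A registered CLSID whose DLL is gone is harmless by itself, but it is
        # either an uninstall leftover or the trace of something already removed.
        if body.endswith("- (no file)"):
            flags["orphaned_entry"].append(f"{section} - {body}")
        # AppInit_DLLs loads into every process that loads user32.dll and Winlogon
        # Notify packages run inside winlogon: both are classic persistence points.
        if section == "O20":
            flags["o20_persistence"].append(f"{section} - {body}")
    return dict(flags)


if __name__ == "__main__":
    for reason, hits in triage(SAMPLE_LOG).items():
        print(f"[{reason}]")
        for h in hits:
            print("   ", h)
```

    On the excerpt above this reports three processes under Temp, of which two have random-looking names, three orphaned entries and two O20 entries. Feed it the full log from post 20 and the O4 lines broni lists for removal will not appear as flags, which is correct: those are clutter, not indicators, and the page says so.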
     
