
Solved On uninstalling Microsoft Security Essentials...

Discussion in 'Malware and Virus Removal Archive' started by HopefulChild, 2010/04/16.

  1. 2010/04/16
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    [Resolved] On uninstalling Microsoft Security Essentials...

    Nature of problem:

    Microsoft Security Essentials could not load the latest definitions, so I got the brilliant idea of uninstalling it and downloading AVG anti-virus, and two or three hours later Vista anti-malware has gone batty saying my system has been hijacked and I've got a bunch of trojans... but when I click for it to remove the viruses, it says I need to get a registration key for their product, whereas before everything was free. It has also disabled firewall protection by itself and won't let me run AVG anti-virus.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by william cintron at 20:25:47.64 on Fri 04/16/2010
    Internet Explorer: 8.0.6001.18904
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1487 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\bin32\nSvcAppFlt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\bin32\nSvcIp.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Users\william cintron\AppData\Local\ave.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Glary Utilities\memdefrag.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    "C:\Windows\System32\svchost.exe "
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\william cintron\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uSearch Bar =
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = 77.103.153.29:9090
    uInternet Settings,ProxyOverride = 127.0.0.1
    mSearchAssistant =
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: : {fffffef0-5b30-21d4-945d-000000000000} - c:\progra~1\stardo~1\SDIEInt.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    TCP: {AEE556CA-C45B-4ADB-BA8E-5D28D2EB92CB} = 64.136.173.5 64.136.164.77
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-5-29 15172]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-16 327688]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-16 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-16 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-12-11 203056]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-8-19 269448]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-4-16 908568]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-4-16 298776]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-19 24576]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-19 30192]

    ============== File Associations ===============

    .exe=secfile

    =============== Created Last 30 ================

    2010-04-16 23:31:06 823808 ----a-w- c:\windows\system32\drivers\wmmnn.sys
    2010-04-16 12:04:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-16 12:04:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-16 12:04:09 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-16 12:04:08 0 d-----w- c:\windows\system32\drivers\Avg
    2010-04-16 12:04:07 0 d-----w- c:\programdata\AVG Security Toolbar
    2010-04-16 11:58:40 0 d-----w- c:\program files\Microsoft Security Essentials
    2010-04-14 20:55:46 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2010-04-14 20:55:46 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2010-04-14 20:55:44 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 20:55:43 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 20:55:43 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 20:39:58 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 20:39:57 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 20:20:46 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 20:20:46 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 20:20:46 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 20:14:18 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 11:32:59 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-14 11:32:53 172032 ----a-w- c:\windows\system32\wintrust.dll

    ==================== Find3M ====================

    2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-17 11:14:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
    2010-02-17 11:14:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-19 09:15:29 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-19 09:15:29 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-19 09:15:28 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-19 09:15:28 143360 ----a-w- c:\windows\inf\infstrng.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-07-12 00:47:29 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-07-12 00:47:29 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-07-12 00:47:29 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-07-12 00:47:29 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-06-07 19:25:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060720090608\index.dat
    2009-11-30 15:56:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112320091130\index.dat
    2009-12-10 00:21:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009113020091207\index.dat
    2009-12-10 00:21:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120920091210\index.dat
    2009-12-12 10:58:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121220091213\index.dat
    2009-12-29 13:32:59 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 20:26:54.15 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/11/2006 2:09:10 AM
    System Uptime: 4/16/2010 6:52:01 PM (2 hours ago)

    Motherboard: Acer | | WMCP78M
    Processor: AMD Sempron(tm) Dual Core Processor 2300 | Socket AM2 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 83.781 GiB free.
    D: is FIXED (NTFS) - 141 GiB total, 140.975 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP426: 3/31/2010 7:42:19 AM - Windows Update
    RP427: 4/1/2010 7:49:27 AM - Windows Update
    RP428: 4/2/2010 5:39:31 AM - Windows Update
    RP429: 4/3/2010 5:34:14 AM - Windows Update
    RP430: 4/4/2010 5:02:40 AM - Windows Update
    RP431: 4/5/2010 7:39:09 AM - Windows Update
    RP432: 4/6/2010 6:17:13 AM - Windows Update
    RP433: 4/7/2010 4:56:18 AM - Windows Update
    RP434: 4/8/2010 5:35:57 AM - Windows Update
    RP435: 4/9/2010 5:38:57 AM - Windows Update
    RP436: 4/10/2010 6:27:49 AM - Windows Update
    RP437: 4/11/2010 6:09:09 AM - Windows Update
    RP438: 4/12/2010 6:12:50 AM - Windows Update
    RP439: 4/13/2010 8:06:34 AM - Windows Update
    RP440: 4/15/2010 5:56:26 AM - Windows Update
    RP441: 4/16/2010 6:21:22 AM - Windows Update
    RP442: 4/16/2010 7:03:54 AM - Installed AVG Free 8.5
    RP443: 4/16/2010 1:56:17 PM - Windows Update
    RP444: 4/16/2010 6:45:05 PM - Restore Operation

    ==== Installed Programs ======================

    ® Kool-Fox Web Browser!
    Acer Arcade Live Main Page
    Acer Assist
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer Registration
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.6
    Agere Systems PCI-SV92EX Soft Modem
    Alice Greenfingers
    Apple Software Update
    AV Input Selection
    AVG Free 8.5
    Azada
    Big Kahuna Reef
    Bookworm Deluxe
    Bricks of Egypt
    Canon MP Navigator EX 2.0
    Canon MP240 series MP Drivers
    Canon MP240 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Carbonite Online Backup Setup
    Chicken Invaders 3
    Evrsoft First Page 2006
    FPSpellCheck (remove only)
    Glary Utilities 2.13.0.686
    Google Desktop
    Horse Racing Fantasy 3
    HOT ALBUM MYBOX
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Inkjet Printer/Scanner Extended Survey Program
    Java(TM) 6 Update 17
    Kcast Beta 2.0.0
    LightScribe 1.4.142.1
    LSI PCI-SV92EX Soft Modem
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    OGA Notifier 2.0.0048.0
    Orca Browser
    PaltalkScene
    Photo Transport
    PhotoFiltre
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Star Downloader Free
    SUPERAntiSpyware Free Edition
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Virtual Families
    Weather Pulse 2.2.1.0
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin

    ==== Event Viewer Messages From Past Week ========

    4/16/2010 6:59:19 AM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: The system license has expired. Your logon request is denied.
    4/16/2010 6:59:19 AM, Error: Microsoft Antimalware [5101] -
    4/16/2010 6:53:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    4/16/2010 6:31:07 PM, Error: Service Control Manager [7000] - The Intel AGP Bus Filter service failed to start due to the following error: A device attached to the system is not functioning.
    4/16/2010 2:01:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    4/16/2010 2:01:12 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/16/2010 1:57:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    ==== End Of File ===========================
     
  2. 2010/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/04/16
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    Well, I did step one. The others are long and it's late, so I'll do them tomorrow... nice to see you still around, Broni. I've got fond memories. lol. Here goes:


    Malwarebytes' Anti-Malware 1.44
    Database version: 3912
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    4/16/2010 10:30:46 PM
    mbam-log-2010-04-16 (22-30-46).txt

    Scan type: Quick Scan
    Objects scanned: 105499
    Time elapsed: 7 minute(s), 48 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    C:\Users\william cintron\AppData\Local\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Users\william cintron\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\diskchk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\system32\Drivers\wmmnn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Users\william cintron\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
    C:\Users\william cintron\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
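    The DDS log in the first post and the MBAM results above show the same hijack from two angles: HKCR\.exe was repointed from exefile to a rogue "secfile" handler and the IE launch command was wrapped in ave.exe /START, so program launches (AVG's included) went through the rogue, while a user-level proxy (77.103.153.29:9090) and an unregistered driver (wmmnn.sys) arrived alongside it. The script below is an added example, not part of this thread nor of the DDS, MBAM or GMER tools: it reads a DDS log as plain text and flags those indicators. The embedded sample is an excerpt of the log posted above; the heuristics (a bare IP:port proxy, an executable running or autostarting from AppData\Local, an svchost.exe with no -k group, a .sys created alone in its minute with no SERVICES / DRIVERS entry) are my own and will need an analyst's eye on anything they flag.

```python
"""Triage a DDS log (plain text) for the hijack indicators seen in this thread.

Added example; not part of the thread nor of the DDS, MBAM or GMER tools. The
heuristics are my own, not DDS's: a .exe association other than 'exefile', a
user-level IE proxy set to a bare IP:port, executables running or autostarting
from a user's AppData\\Local, an svchost.exe without a '-k <group>' argument,
hook entries with 'No File', and a .sys created alone in its minute with no
SERVICES / DRIVERS entry (patch installs write many files per minute and
register their services; a dropped rootkit driver here did neither).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
APPDATA_EXE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\[^\\\s]+\.exe", re.I)
BARE_IP_PORT_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")
NEW_SYS_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \S+ +\d+ +\S+ +(c:\\windows\\system32\\drivers\\([^\\]+\.sys))$", re.I)


def parse_sections(log: str) -> dict:
    """Split DDS output into {section title: [non-empty lines]}; DDS marks
    sections with lines like '===== Running Processes ====='."""
    sections = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def triage(log: str) -> list:
    """Return the Findings for one DDS log, in section order."""
    s = parse_sections(log)
    found = []
    for line in s.get("File Associations", []):
        key, _, handler = line.partition("=")
        if key.strip().lower() == ".exe" and handler.strip().lower() != "exefile":
            found.append(Finding("exe-association-hijack", line))
    for line in s.get("Pseudo HJT Report", []):
        low = line.lower()
        if low.startswith("uinternet settings,proxyserver"):
            value = line.split("=", 1)[-1].strip()
            if BARE_IP_PORT_RE.match(value):
                found.append(Finding("user-proxy", value))
        elif low.startswith(("urun:", "mrun:")) and APPDATA_EXE_RE.search(line):
            found.append(Finding("autorun-from-appdata", line))
        elif low.startswith(("bho:", "tb:", "uurlsearchhooks:")) and low.endswith("no file"):
            found.append(Finding("orphaned-hook", line))
    for line in s.get("Running Processes", []):
        image = line.strip('"').strip()               # DDS quotes oddly-launched images
        if APPDATA_EXE_RE.search(image):
            found.append(Finding("process-from-appdata", image))
        if image.lower().endswith("\\svchost.exe"):  # genuine instances carry '-k <group>'
            found.append(Finding("svchost-without-group", line))
    created = s.get("Created Last 30", [])
    per_minute = {}                                  # 'YYYY-MM-DD HH:MM' = first 16 chars
    for line in created:
        per_minute[line[:16]] = per_minute.get(line[:16], 0) + 1
    registered = " ".join(s.get("SERVICES / DRIVERS", [])).lower()
    for line in created:
        m = NEW_SYS_RE.match(line)
        if m and m.group(2).lower() not in registered and per_minute[line[:16]] == 1:
            found.append(Finding("lone-unregistered-driver", m.group(1)))
    return found


# Excerpt of the DDS log posted in this thread (sample input only, not a full log).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\william cintron\AppData\Local\ave.exe
"C:\Windows\System32\svchost.exe "
============== Pseudo HJT Report ===============
uInternet Settings,ProxyServer = 77.103.153.29:9090
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-16 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-16 108552]
============== File Associations ===============
.exe=secfile
=============== Created Last 30 ================
2010-04-16 23:31:06 823808 ----a-w- c:\windows\system32\drivers\wmmnn.sys
2010-04-16 12:04:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-16 12:04:09 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 20:55:44 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:55:43 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

    Run against the excerpt it reports the secfile association, the 77.103.153.29:9090 proxy, three orphaned hooks, ave.exe running from AppData\Local, the quoted svchost.exe with no service group, and wmmnn.sys as a lone unregistered driver; the AVG drivers (registered) and the patch-day tcpip.sys/tunnel.sys (written in the same minute) are left alone. The "lone driver" rule is deliberately conservative: a rootkit dropped together with other files in the same minute will slip past it and should be caught by the GMER scan in the next step.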
     
  5. 2010/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    :)....
     
  6. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    When I tried to run GMER it stopped working all of a sudden and a little screen showed up saying bvm35eb5.exe has stopped working. So the scan stopped... I'll try to run it one more time.
     
  7. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    Was able to complete step 2... looks like a couple of things are ******* up, so I dunno if I should go to step 3 right away.
    Let me know, master Broni.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-17 07:53:09
    Windows 6.0.6002 Service Pack 2
    Running: bvm35eb5.exe; Driver: C:\Users\WILLIA~1\AppData\Local\Temp\fftyqaow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\drivers\hybu.sys The system cannot find the path specified. !
    ? System32\Drivers\wmmnn.sys A device attached to the system is not functioning. !
    init C:\Windows\system32\Drivers\PzWDM.sys entry point in "init" section [0x8995B30E]
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DE04340, 0x40AA77, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    ? C:\Windows\System32\svchost.exe[5800] image checksum mismatch; time/date stamp mismatch;

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7423A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74218395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7426CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7420C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[4232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01152B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[4232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011511D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[4232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [011527E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[4232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01151B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation] 51EC8B55
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 1845DB51
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] F855DD56
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx] E8084DDC
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 000004D2
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] FF184589
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 40515C15
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange] F845DD00
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B104DDC
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 1865DAF0
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA] 0004B9E8
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 8BC88B00
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount] F74199C6
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] C28B5EF9
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] C9184503
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 5C15FFC3
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 8B004051
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 2B08244C
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 9904244C
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8BF9F741
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess] 244403C2
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] FF56C304
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 244C8B00
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [748D9908] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree] 2BC28B5E
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 244403C1
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree] 15FFC308
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle] [0040515C] C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 04244C8B
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] F9F74199
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] FFC3C28B
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 40515C15
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep] 646A9900
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 33F9F759
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 24543BC0
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] C09C0F04
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError] EC8B55C3
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx] 0204EC81
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 00000100
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 8B590040
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode] 8D500000
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_adjust_fdiv] FFFEFC8D
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr] C93351FF
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit] 558D5151
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm] 8D5052FC
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit] FFFDFC85
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode] FF5150FF
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit] 40503015
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy] 56216A00
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memset] FFFC75FF
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type] 40515815
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 0CC48300
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common] C01BD8F7
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp] C95EC623
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit] EC8B55C3
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs] 458B5151
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter] 33565308
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 33FC7589
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01518DFF
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 8441198A
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 2BF975DB
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 802974CA
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 7420063C
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [75FF850A] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 45FF470C
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 8A01518D
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] DB844119
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] CA2BF975
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] D772F13B
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 5FFC458B
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] C3C95B5E
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 56530CEC
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 68F63357
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid] 00000400
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FFF87589
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 40515415
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 085D8B00
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid] C38BF88B
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] FC758959
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] 8D0007C6
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 108A0148
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] [75D28440] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 1E048D66
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 74203880
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] FC7D8328
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] FF0A7500
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 45C7F845
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 000001FC
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 0C4D8B00
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] F84D3941
    IAT C:\Windows\System32\svchost.exe[5800] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 016A3275

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85C953D8

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] wmmnn <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\wmmnn@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\wmmnn@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\wmmnn@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\wmmnn@Group Boot Bus Extender
    Reg HKLM\SYSTEM\CurrentControlSet\Services\wmmnn@{df2d8a28-8a8c-11ec-38a1-f760999b02f2} 1
    Reg HKLM\SYSTEM\ControlSet003\Services\wmmnn@Type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\wmmnn@Start 0
    Reg HKLM\SYSTEM\ControlSet003\Services\wmmnn@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\wmmnn@Group Boot Bus Extender
    Reg HKLM\SYSTEM\ControlSet003\Services\wmmnn@{df2d8a28-8a8c-11ec-38a1-f760999b02f2} 1
     
  8. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:17:39 AM, on 4/17/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Glary Utilities\memdefrag.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 77.103.153.29:9090
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEE556CA-C45B-4ADB-BA8E-5D28D2EB92CB}: NameServer = 64.136.173.5 64.136.164.77
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 7190 bytes
     
  9. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  10. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    ComboFix 10-04-15.05 - william cintron 04/17/2010 11:02:49.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1786 [GMT -5:00]
    Running from: c:\users\william cintron\Downloads\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2760852498-2543259003-1422614318-1000
    c:\$recycle.bin\S-1-5-21-3661361517-2184615913-3356985147-500
    c:\users\william cintron\AppData\Local\Microsoft\Windows\Temporary Internet Files\2-lW4xp
    c:\users\william cintron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 485
    c:\users\william cintron\AppData\Roaming\.#
    c:\users\william cintron\AppData\Roaming\.#\MBX@10EC@1F32990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@10EC@1F329C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@10EC@1F329F0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@14AC@232990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@14AC@2329C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@14AC@2329F0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@15A0@1772990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@15A0@17729C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@15A0@17729F0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@1698@3B2990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@1698@3B29C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@1698@3B29F0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@17FC@1DD2990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@17FC@1DD29C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@17FC@1DD29F0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@EB8@612990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@EB8@6129C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@EB8@6129F0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@FD4@1692990.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@FD4@16929C0.###
    c:\users\william cintron\AppData\Roaming\.#\MBX@FD4@16929F0.###
    c:\windows\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH
    c:\windows\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH \Kcast.lnk
    c:\windows\system32\drivers\wmmnn.sys . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_wmmnn
    -------\Service_wmmnn


    ((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
    .

    2010-04-17 16:09 . 2010-04-17 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-16 23:31 . 2010-04-17 16:11 823808 ----a-w- c:\windows\system32\drivers\wmmnn.sys
    2010-04-16 12:04 . 2010-04-16 12:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-16 12:04 . 2010-04-16 12:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-16 12:04 . 2010-04-16 12:04 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-16 12:04 . 2010-04-16 15:34 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-16 12:04 . 2010-04-16 12:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-16 12:04 . 2010-04-16 15:35 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-04-16 11:58 . 2010-04-16 11:59 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-04-14 20:55 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 20:55 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 20:55 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 20:39 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 20:39 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 20:20 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 20:20 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 20:20 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 20:14 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 11:32 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-14 11:32 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-17 11:49 . 2009-12-12 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-17 11:44 . 2010-01-17 13:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-16 23:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-16 23:48 . 2009-05-20 13:35 -------- d-----w- c:\program files\Glary Utilities
    2010-04-16 19:01 . 2008-08-19 19:03 -------- d-----w- c:\programdata\Microsoft Help
    2010-04-16 12:04 . 2009-06-16 00:01 -------- d-----w- c:\programdata\avg8
    2010-04-15 17:28 . 2009-04-19 22:22 -------- d-----w- c:\programdata\CanonIJPLM
    2010-04-12 02:01 . 2009-11-28 18:38 -------- d-----w- c:\program files\Paltalk Messenger
    2010-04-06 17:54 . 2009-04-19 22:49 -------- d-----w- c:\programdata\CanonIJ
    2010-03-30 05:46 . 2009-12-12 22:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45 . 2009-12-12 22:11 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-04 18:36 . 2010-03-04 18:36 -------- d-----w- c:\program files\Targeted Content Wizard
    2010-03-04 18:33 . 2010-03-04 18:33 -------- d-----w- c:\program files\Simplified Textual Finder
    2010-03-04 18:28 . 2010-03-04 18:28 -------- d-----w- c:\program files\Update Today Driver
    2010-03-04 18:23 . 2010-03-04 18:23 -------- d-----w- c:\program files\Advanced Entry Provider
    2010-03-04 18:20 . 2010-03-04 18:20 -------- d-----w- c:\program files\Common Files\Live Access Operator
    2010-03-04 18:20 . 2010-03-04 18:20 -------- d-----w- c:\program files\Live Access Operator
    2010-03-04 18:17 . 2010-03-04 18:17 -------- d-----w- c:\program files\Real Search Enhancer
    2010-02-28 16:04 . 2010-02-28 16:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-02-25 15:20 . 2009-04-19 21:21 71064 ----a-w- c:\users\william cintron\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 15:16 . 2009-10-03 10:59 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-24 00:23 . 2010-02-23 23:54 -------- d--h--w- c:\program files\InstallJammer Registry
    2010-02-23 23:02 . 2009-09-15 08:30 -------- d-----w- c:\program files\Orca Browser
    2010-02-23 23:02 . 2009-05-25 13:16 -------- d-----w- c:\users\william cintron\AppData\Roaming\uTorrent
    2010-02-23 06:39 . 2010-03-31 12:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-31 12:38 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-03-31 12:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-03-31 12:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-11 11:19 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-11 11:18 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-11 11:18 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-19 10:07 . 2009-07-25 18:00 -------- d-----w- c:\program files\Yahoo!
    2010-02-19 10:05 . 2008-08-19 18:51 -------- d-----w- c:\program files\Acer GameZone
    2010-02-19 10:02 . 2010-02-18 19:33 -------- d-----w- c:\programdata\Yahoo!
    2010-02-18 19:39 . 2009-07-25 18:00 -------- d-----w- c:\users\william cintron\AppData\Roaming\Yahoo!
    2010-02-18 15:55 . 2010-02-18 15:55 -------- d-----w- c:\program files\BabelFish
    2010-02-17 11:14 . 2010-02-17 11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
    2010-02-17 11:14 . 2010-02-17 11:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-02-04 17:01 . 2010-02-04 17:01 64 ----a-w- c:\windows\GPlrLanc.dat
    2010-01-25 12:00 . 2010-02-24 18:47 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-24 18:47 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-24 18:47 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-24 18:47 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-24 18:47 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-24 18:47 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-24 18:47 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-24 18:47 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-25 08:21 . 2010-02-24 18:47 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-23 09:26 . 2010-02-24 14:37 2048 ----a-w- c:\windows\system32\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-02 18:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @= "{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Glary Memory Optimizer "= "c:\program files\Glary Utilities\memdefrag.exe" [2009-05-20 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader "= "c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-03-26 5369856]
    "Acer Assist Launcher "= "c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "CarboniteSetupLite "= "c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-01 283792]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
    "Acer Empowering Technology Monitor "= "c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2010-04-16 1948440]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-11-23 14:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "EmpoweringTechnology "=c:\program files\Acer\Empowering Technology\Framework.Launcher.exe boot
    "MBBalloon "=c:\program files\HOTALBUMMyBOX\MBBalloon.exe
    "BkupTray "= "c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe "
    "PCMMediaSharing "=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    "Skytel "=Skytel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):32,81,f6,ee,6d,eb,c9,01

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
    S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2009-05-29 15172]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-16 327688]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-16 108552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]
    S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-07-15 203056]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2010-04-16 908568]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-04-16 298776]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-05-20 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = 77.103.153.29:9090
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
    TCP: {AEE556CA-C45B-4ADB-BA8E-5D28D2EB92CB} = 64.136.173.5 64.136.164.77
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-17 11:11
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3156)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\bin32\nSvcAppFlt.exe
    c:\program files\bin32\nSvcIp.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-04-17 11:16:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-17 16:15

    Pre-Run: 91,959,357,440 bytes free
    Post-Run: 91,668,574,208 bytes free

    - - End Of File - - 6360F4F8E6D0B32968D6856EF53AAA2F
     
  11. 2010/04/17
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\wmmnn.sys
    
    
    Folder::
    c:\program files\Microsoft Security Essentials
    
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  12. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    ComboFix 10-04-15.05 - william cintron 04/17/2010 11:59:00.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1787 [GMT -5:00]
    Running from: c:\users\william cintron\Downloads\ComboFix.exe
    Command switches used :: c:\users\william cintron\Desktop\CFScript.txt
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\drivers\wmmnn.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Microsoft Security Essentials
    c:\program files\Microsoft Security Essentials\MSESysprep.dll
    c:\program files\Microsoft Security Essentials\MsMpRes.dll
    c:\program files\Microsoft Security Essentials\msseces.exe
    c:\program files\Microsoft Security Essentials\MsseWat.dll
    c:\program files\Microsoft Security Essentials\Setup.exe
    c:\program files\Microsoft Security Essentials\SetupRes.dll
    c:\program files\Microsoft Security Essentials\shellext.dll
    c:\program files\Microsoft Security Essentials\Update.exe
    c:\program files\Microsoft Security Essentials\UpdateRes.dll
    c:\windows\system32\drivers\wmmnn.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
    .

    2010-04-17 17:05 . 2010-04-17 17:05 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-04-17 17:05 . 2010-04-17 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-17 16:16 . 2010-04-17 17:05 -------- d-----w- c:\users\william cintron\AppData\Local\temp
    2010-04-16 12:04 . 2010-04-16 12:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-16 12:04 . 2010-04-16 12:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-16 12:04 . 2010-04-16 12:04 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-16 12:04 . 2010-04-16 15:34 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-16 12:04 . 2010-04-16 12:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-16 12:04 . 2010-04-16 15:35 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-04-14 20:55 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 20:55 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 20:55 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 20:39 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 20:39 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 20:20 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 20:20 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 20:20 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 20:14 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 11:32 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-14 11:32 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-17 11:49 . 2009-12-12 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-17 11:44 . 2010-01-17 13:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-16 23:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-16 23:48 . 2009-05-20 13:35 -------- d-----w- c:\program files\Glary Utilities
    2010-04-16 19:01 . 2008-08-19 19:03 -------- d-----w- c:\programdata\Microsoft Help
    2010-04-16 12:04 . 2009-06-16 00:01 -------- d-----w- c:\programdata\avg8
    2010-04-15 17:28 . 2009-04-19 22:22 -------- d-----w- c:\programdata\CanonIJPLM
    2010-04-12 02:01 . 2009-11-28 18:38 -------- d-----w- c:\program files\Paltalk Messenger
    2010-04-06 17:54 . 2009-04-19 22:49 -------- d-----w- c:\programdata\CanonIJ
    2010-03-30 05:46 . 2009-12-12 22:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45 . 2009-12-12 22:11 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-04 18:36 . 2010-03-04 18:36 -------- d-----w- c:\program files\Targeted Content Wizard
    2010-03-04 18:33 . 2010-03-04 18:33 -------- d-----w- c:\program files\Simplified Textual Finder
    2010-03-04 18:28 . 2010-03-04 18:28 -------- d-----w- c:\program files\Update Today Driver
    2010-03-04 18:23 . 2010-03-04 18:23 -------- d-----w- c:\program files\Advanced Entry Provider
    2010-03-04 18:20 . 2010-03-04 18:20 -------- d-----w- c:\program files\Common Files\Live Access Operator
    2010-03-04 18:20 . 2010-03-04 18:20 -------- d-----w- c:\program files\Live Access Operator
    2010-03-04 18:17 . 2010-03-04 18:17 -------- d-----w- c:\program files\Real Search Enhancer
    2010-02-28 16:04 . 2010-02-28 16:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-02-25 15:20 . 2009-04-19 21:21 71064 ----a-w- c:\users\william cintron\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 15:16 . 2009-10-03 10:59 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-24 00:23 . 2010-02-23 23:54 -------- d--h--w- c:\program files\InstallJammer Registry
    2010-02-23 23:02 . 2009-09-15 08:30 -------- d-----w- c:\program files\Orca Browser
    2010-02-23 23:02 . 2009-05-25 13:16 -------- d-----w- c:\users\william cintron\AppData\Roaming\uTorrent
    2010-02-23 06:39 . 2010-03-31 12:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-31 12:38 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-03-31 12:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-03-31 12:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-11 11:19 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-11 11:18 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-11 11:18 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-19 10:07 . 2009-07-25 18:00 -------- d-----w- c:\program files\Yahoo!
    2010-02-19 10:05 . 2008-08-19 18:51 -------- d-----w- c:\program files\Acer GameZone
    2010-02-19 10:02 . 2010-02-18 19:33 -------- d-----w- c:\programdata\Yahoo!
    2010-02-18 19:39 . 2009-07-25 18:00 -------- d-----w- c:\users\william cintron\AppData\Roaming\Yahoo!
    2010-02-18 15:55 . 2010-02-18 15:55 -------- d-----w- c:\program files\BabelFish
    2010-02-17 11:14 . 2010-02-17 11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
    2010-02-17 11:14 . 2010-02-17 11:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-02-04 17:01 . 2010-02-04 17:01 64 ----a-w- c:\windows\GPlrLanc.dat
    2010-01-25 12:00 . 2010-02-24 18:47 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-24 18:47 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-24 18:47 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-24 18:47 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-24 18:47 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-24 18:47 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-24 18:47 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-24 18:47 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-25 08:21 . 2010-02-24 18:47 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-23 09:26 . 2010-02-24 14:37 2048 ----a-w- c:\windows\system32\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-02 18:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @= "{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Glary Memory Optimizer "= "c:\program files\Glary Utilities\memdefrag.exe" [2009-05-20 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader "= "c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-03-26 5369856]
    "Acer Assist Launcher "= "c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "CarboniteSetupLite "= "c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-01 283792]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
    "Acer Empowering Technology Monitor "= "c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2010-04-16 1948440]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-11-23 14:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "EmpoweringTechnology "=c:\program files\Acer\Empowering Technology\Framework.Launcher.exe boot
    "MBBalloon "=c:\program files\HOTALBUMMyBOX\MBBalloon.exe
    "BkupTray "= "c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe "
    "PCMMediaSharing "=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    "Skytel "=Skytel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):32,81,f6,ee,6d,eb,c9,01

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
    S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2009-05-29 15172]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-16 327688]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-16 108552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]
    S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-07-15 203056]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2010-04-16 908568]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-04-16 298776]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-05-20 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = 77.103.153.29:9090
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
    TCP: {AEE556CA-C45B-4ADB-BA8E-5D28D2EB92CB} = 64.136.173.5 64.136.164.77
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-17 12:05
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2010-04-17 12:07:25
    ComboFix-quarantined-files.txt 2010-04-17 17:07
    ComboFix2.txt 2010-04-17 16:16

    Pre-Run: 91,580,043,264 bytes free
    Post-Run: 91,548,172,288 bytes free

    - - End Of File - - BCB2BC1228D2EBA1E8F99669A9A93331
     
  13. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:17:39 AM, on 4/17/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Glary Utilities\memdefrag.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 77.103.153.29:9090
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEE556CA-C45B-4ADB-BA8E-5D28D2EB92CB}: NameServer = 64.136.173.5 64.136.164.77
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 7190 bytes
     
  14. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    How is the computer doing at the moment?

    Delete your GMER file, download a fresh one, run it and post the new log.
     
  15. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    Well, it looks like the computer is doing great, but I've tried running GMER twice now and all it does is run for a couple of seconds and then it stops. I have no idea what's going on. :eek:
     
  16. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to un-check "Devices" in the right pane.
    If still no joy, try to run it in Safe Mode.
     
  17. 2010/04/17
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-17 18:53:28
    Windows 6.0.6002 Service Pack 2
    Running: 6e8hoy5j.exe; Driver: C:\Users\WILLIA~1\AppData\Local\Temp\fftyqaow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\Windows\system32\Drivers\PzWDM.sys entry point in "init" section [0x807F330E]
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D400340, 0x40AA77, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[836] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[864] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Windows\system32\nvvsvc.exe[904] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Windows\System32\svchost.exe[1004] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Windows\System32\svchost.exe[1132] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text ...
    .text C:\Windows\Explorer.EXE[3348] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7706B364 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
    .text C:\Windows\Explorer.EXE[3348] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Windows\system32\taskeng.exe[3756] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3864] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Windows\RtHDVCpl.exe[3872] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[3988] SHELL32.dll!ShellExecuteExW + 18B7 7709D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74CD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D2A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74CDBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74CCF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74CD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74CCE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D08395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74CDDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74CCFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74CCFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74CC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74CFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74CCD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74CC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74CC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74CD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[3988] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01F62B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[3988] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01F611D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[3988] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [01F627E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe[3988] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01F61B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

    ---- EOF - GMER 1.0.15 ----
     
  18. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Uninstall Combofix:
    Go to Start > Run (Vista users: go to Start > "Start search").
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users: press Enter).
    Restart the computer.

    ===============================================================

    1. Download Temp File Cleaner (TFC).
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  19. 2010/04/18
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    Finished step one, but I am working on the Kaspersky step, which is taking forever because I'm on dial-up.
     
  20. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, OK.
    I wasn't aware you're on dial-up.
    Stop Kaspersky.
    This should be easier for you:

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click the Start Scanner button.
    • Click the Start scan button.
    • Allow the browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with the scan results.
    • Save the report to your desktop and post its content in your next reply.

    Post fresh HijackThis log as well.
     
  21. 2010/04/18
    HopefulChild

    HopefulChild Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    55
    Likes Received:
    0
    QuickScan Beta 32-bit v0.9.9.18
    -------------------------------

    Scan date: Sun Apr 18 13:15:41 2010
    Machine ID: 747DC1E8



    No infection found.
    -------------------



    Processes
    ---------
    <unsigned> 1600 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    <unsigned> KoolFox Web Browser! 4764 C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe

    <verified> Acer eDataSecurity Management 4028 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    <verified> Glary Utilities 3032 C:\Program Files\Glary Utilities\memdefrag.exe
    <verified> Google Desktop 2652 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    <verified> HD Audio Control Panel 4036 C:\Windows\RtHDVCpl.exe
    <verified> Microsoft® Windows® Operating System 3716 C:\Windows\Explorer.EXE
    <verified> Microsoft® Windows® Operating System 3624 C:\Windows\system32\Dwm.exe
    <verified> Microsoft® Windows® Operating System 1680 C:\Windows\System32\rundll32.exe
    <verified> Microsoft® Windows® Operating System 3668 C:\Windows\system32\taskeng.exe
    <verified> Microsoft® Windows® Operating System 3256 C:\Windows\system32\wbem\unsecapp.exe


    Network activity
    ----------------


    Autoruns and critical files
    ---------------------------
    <unsigned> C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    <unsigned> Google Desktop c:\Program Files\Google\Google Desktop Search\googledesktopnetwork3.dll
    <unsigned> launcher.exe C:\Program Files\Acer\Acer Assist\launcher.exe
    <unsigned> SuperAntiSpyware c:\program files\superantispyware\sasseh.dll

    <verified> Acer eDataSecurity Management C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    <verified> AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe
    <verified> AVG Internet Security c:\windows\system32\avgrsstx.dll
    <verified> Carbonite Setup Lite C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    <verified> Glary Utilities C:\Program Files\Glary Utilities\memdefrag.exe
    <verified> Google Desktop C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    <verified> HD Audio Control Panel C:\Windows\RtHDVCpl.exe
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
    <verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    <verified> NVIDIA Media Center Library C:\Windows\System32\nvmctray.dll
    <verified> Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
    <verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


    Browser plugins
    ---------------
    <unsigned> PaltalkScene C:\Program Files\Paltalk Messenger\Paltalk.exe
    <unsigned> sdieint.dll c:\program files\star downloader\sdieint.dll

    <verified> Acer eDataSecurity Management c:\program files\acer\empowering technology\edatasecurity\x86\edstoolbar.dll
    <verified> AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
    <verified> AVG Internet Security c:\program files\avg\avg8\avgssie.dll
    <verified> AVG Security Toolbar c:\program files\avg\avg8\toolbar\ietoolbar.dll
    <verified> DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
    <verified> ExentCtl Module C:\Windows\Downloaded Program Files\ExentCtl.ocx
    <verified> Java(TM) Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
    <verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    <verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    <verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
    <verified> Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    <verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll


    Missing files
    -------------
    File not found: C:\Users\WILLIA~1\AppData\Local\Temp\catchme.sys
    referenced in: HKLM\System\ControlSet001\services\catchme\ "ImagePath"

    File not found: C:\Windows\System32\appmgmts.dll
    referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\ "ServiceDll"

    File not found: C:\Windows\system32\drivers\SBREdrv.sys
    referenced in: HKLM\System\ControlSet001\services\SBRE\ "ImagePath"

    File not found: system32\DRIVERS\ipinip.sys
    referenced in: HKLM\System\ControlSet001\services\IpInIp\ "ImagePath"

    File not found: system32\DRIVERS\nwlnkflt.sys
    referenced in: HKLM\System\ControlSet001\services\NwlnkFlt\ "ImagePath"

    File not found: system32\DRIVERS\nwlnkfwd.sys
    referenced in: HKLM\System\ControlSet001\services\NwlnkFwd\ "ImagePath"


    Scan
    ----
    <unsigned> MD5: 517d30057c726c797764bfd70a55d82a C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    <unsigned> MD5: 19b2731afb82729f8ff10b082cd609b3 C:\Program Files\Acer\Acer Assist\launcher.exe
    <unsigned> MD5: 20d3741680ab88269badcdb161b36705 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    <unsigned> MD5: 5673ec459fa2f335a05594249609bb2b C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    <unsigned> MD5: 283195c5301eadbcf56dee637573ed12 C:\Program Files\bin32\nSvcAppFlt.exe
    <unsigned> MD5: 3c7bd1ec817d300a8826d49c406d5894 C:\Program Files\bin32\nSvcIp.exe
    <unsigned> MD5: 793ff718477345cd5d232c50bed1e452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    <unsigned> MD5: c1c132455200ad4704142442c89d0fa4 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    <unsigned> MD5: 537e9ddb9bdfcd19038d2ac0728b9457 C:\Program Files\Glary Utilities\GUControlD7.bpl
    <unsigned> MD5: 0ebe2e8a838bff30ab74f575d0c0752c C:\Program Files\Glary Utilities\GUTrayIconD7.bpl
    <unsigned> MD5: 718db63e25322fb414ca9e3286f0f42d C:\Program Files\Glary Utilities\pngD7.bpl
    <unsigned> MD5: 0dcd17c9a3b135c61834c716a412a5bf C:\Program Files\Glary Utilities\rtl70.bpl
    <unsigned> MD5: 599dabd485b83b3ddbfcacfd60ac8774 C:\Program Files\Glary Utilities\vcl70.bpl
    <unsigned> MD5: d7b49da980884f53c3d78e1e853b02e4 C:\Program Files\Glary Utilities\vclsmp70.bpl
    <unsigned> MD5: e12c66ffd510c78731d5400eddecd8c8 C:\Program Files\Glary Utilities\vclx70.bpl
    <unsigned> MD5: 4cdea5612fd2a733ac11d6ea62944029 C:\Program Files\Glary Utilities\VirtualTreesD7.bpl
    <unsigned> MD5: b87279634826897af9c2fd986c4e50d4 C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
    <unsigned> MD5: 97ee34038653370cb3fe57e1f024a6ae C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll
    <unsigned> MD5: bf0a0d9d7bbbb8f894b4f7b49883aaaf C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
    <unsigned> MD5: 66a96140e075617701be421ecabbba48 c:\Program Files\Google\Google Desktop Search\googledesktopnetwork3.dll
    <unsigned> MD5: d9d7099cbb6cacdbc88ed27f28407457 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    <unsigned> MD5: 11a8da17a09784c2dc9143ecaedd5319 C:\Program Files\Google\Google Desktop Search\GoogleServices.dll
    <unsigned> MD5: c0d0179784c543bdf297932fafa2bb20 C:\Program Files\Google\Google Desktop Search\gzlib.dll
    <unsigned> MD5: feeb716213dcda8a82d6d9ab4ac9e5cb C:\Program Files\Kool-Fox\App\KoolFox\components\browserdirprovider.dll
    <unsigned> MD5: 012355467ac24c99fd1af4f85cfffd70 C:\Program Files\Kool-Fox\App\KoolFox\components\brwsrcmp.dll
    <unsigned> MD5: 750f91a60e253e3536b5daf0f542e280 C:\Program Files\Kool-Fox\App\KoolFox\freebl3.dll
    <unsigned> MD5: f59e97b465f0630b94a29aa3f3990371 C:\Program Files\Kool-Fox\App\KoolFox\js3250.dll
    <unsigned> MD5: c87424f21490687b88550659637c4be9 C:\Program Files\Kool-Fox\App\koolFox\KoolFox.exe
    <unsigned> MD5: bc1640778ffcdb4ee2c2649596fbfce9 C:\Program Files\Kool-Fox\App\KoolFox\nspr4.dll
    <unsigned> MD5: 1ca772871d7998dc6774667e17f6f883 C:\Program Files\Kool-Fox\App\KoolFox\nss3.dll
    <unsigned> MD5: a4b7c62a06a40f89a1ef356d408c13db C:\Program Files\Kool-Fox\App\KoolFox\nssckbi.dll
    <unsigned> MD5: b4191f9afef47efeea2bf9b068fe8a99 C:\Program Files\Kool-Fox\App\KoolFox\nssdbm3.dll
    <unsigned> MD5: 02b367a5016b8e858f1e93fe65d44af2 C:\Program Files\Kool-Fox\App\KoolFox\nssutil3.dll
    <unsigned> MD5: 167fe5358435a80dd8f41aae97852085 C:\Program Files\Kool-Fox\App\KoolFox\plc4.dll
    <unsigned> MD5: 84fe8739a736031fb7572861d02af264 C:\Program Files\Kool-Fox\App\KoolFox\plds4.dll
    <unsigned> MD5: 32a4d0e2bf3ffad114f435a40839b9e6 C:\Program Files\Kool-Fox\App\KoolFox\smime3.dll
    <unsigned> MD5: 1a9e4ab5bd1b8abc67427e6fb69fc19e C:\Program Files\Kool-Fox\App\KoolFox\softokn3.dll
    <unsigned> MD5: 630da00722dc63cdf2b0be0445fa8267 C:\Program Files\Kool-Fox\App\KoolFox\sqlite3.dll
    <unsigned> MD5: 9abe4cd95badeca4aa944977264a2bc8 C:\Program Files\Kool-Fox\App\KoolFox\ssl3.dll
    <unsigned> MD5: 130cd0e1006b50bb9880264bd228f6a0 C:\Program Files\Kool-Fox\App\KoolFox\xpcom.dll
    <unsigned> MD5: 71a300cce7fc9a793c34e7b6f4ef4f72 C:\Program Files\Kool-Fox\App\KoolFox\xul.dll
    <unsigned> MD5: a2b6583a5652a385dff5e4f49ad48761 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    <unsigned> MD5: 09e6affae6c0e9158bf05c7d08d0107a C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    <unsigned> MD5: 40b87fe8a1a9a5ac9e5a91d96f212bcd C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    <unsigned> MD5: 2fac4c7430107fe61545636bcaaec763 C:\Program Files\Paltalk Messenger\Paltalk.exe
    <unsigned> MD5: 56b1216e54c4832bfaf63cc96e98a522 c:\program files\star downloader\sdieint.dll
    <unsigned> MD5: ecd5517a6633826057d4f050927ddf56 c:\program files\superantispyware\sasseh.dll
    <unsigned> MD5: b1a0821a935c7604abbbdbe9d3c7af5c C:\Users\william cintron\AppData\Roaming\Michael Hardy\KoolFox\Profiles\95k8v7iz.default\extensions\kodak-companion@mozilla.com\platform\WINNT\components\fotofox.dll
    <unsigned> MD5: 2a64cb5d4ab46593ddf2b2f659470e82 C:\Users\william cintron\AppData\Roaming\Michael Hardy\KoolFox\Profiles\95k8v7iz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    <unsigned> MD5: 3c97e7131026a968c69892a3002f4003 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
    <unsigned> MD5: 31d759eb90cccadc5641b6461c8ae180 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
    <unsigned> MD5: 4005c194272628cd1362a7ac88b50718 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
    <unsigned> MD5: 96d9ccdfcbdab436bf49ad0ed15c18e3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
    <unsigned> MD5: 36cf3653d367cbc72a38625543f3d4d1 C:\Windows\system32\Drivers\PzWDM.sys
    <unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
    <unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll


    No file uploaded.

    Scan finished - communication took 28 sec
    Total traffic - 0.05 MB sent, 2.33 KB recvd
    Scanned 894 files and modules - 103 seconds
     
