Attempt to remove Vista Guard virus may have caused bigger issue


dmo

Earlier this year, my computer got infected with Vista Guard. I downloaded the free malwarebytes to remove it and that appeared to work, but it re-appeared this past Monday. This time around, it wasn't as bad since I could actually open my programs around it, but I still wanted to remove it. For some reason, Malwarebytes wouldn't open, so I went to MajorGeeks and downloaded a-squared, their top anti-virus freeware. Apparently there has been some kind of change in business with that company because it changed into a different program mid-download, but I looked it over and it all seemed legit. I let it go and finished the download.

The a-squared did remove three files, one of which I assume was the Vista Guard because it hasn't shown up since, but now I have a bigger issue.
Ever since the download, many of my programs do not open. Instead, I am asked to pick another program to open the file for the program I want. And with every attempt to open a program, I am also asked to pick an additional program to open another file that I don't even recognize. This additional file is any of these 3: MSASCui.exe, ssvagent.exe, and rstui.exe.
ssvagent is by far the file that pops up the most often.

Because of this, I cannot open many of my media programs and the ACER empowering technology no longer loads on start-up. (Oh, I have an ACER Extensa 5420)

There is one other little set-back to the problem. I do not have access to everything on this computer, nor do I have all the paperwork. It was donated to me through a third party, and the man who gave it to me did not give me all of the information. I only know that it was set up through Geek Squad. He even has programs on here that are password protected, and he didn't give me the password, so I have been kept from different areas of the computer because of that.

Ideally, I can fix whatever is going on with my computer without paying anything. I plan on buying a new one in Feb or March and I don't want to put any money into something that I won't use for much longer. I don't have the money anyways.

Oh, and I can't give my specs either. This 'pick-a-program' issue won't let me download anything from online, and all of my Windows-related activities keep giving me an 'application not found' box.

Please, if anyone can help me I would really appreciate it.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Download and run exeHelper.


  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up; press any key to close it once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com.
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

See if, after using the above program, you're able to open the applications which didn't want to open before.
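The "pick a program to open this file" prompt described in the opening post is what a hijacked executable file association looks like: rogue-AV infections of the Vista Guard type rewrite the registry keys that tell Windows how to launch .exe and .com files, and the exeHelper log posted later in this thread shows the tool resetting exactly those associations, the Winlogon Userinit/Shell values and policies. The PowerShell script below is an added example, not part of this thread and not exeHelper's code: it is a read-only audit that compares those registry locations against the stock Windows values (the expected values are my assumption of the Vista defaults, not something the tool publishes) and reports anything that differs. Run it before the fix to see the hijack, and after the fix to confirm the reset held; it changes nothing.

```powershell
# Added example, not from the thread or the exeHelper tool: read-only audit of the
# registry locations a .exe-association hijack touches. Reports only; modifies nothing.
# Expected values are the assumed Windows Vista defaults.

function Get-DefaultValue([string]$Path) {
    # Returns the key's "(default)" value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

# Machine-wide associations: these are what exeHelper's
# "Resetting filetype association for .exe / .com" lines restore.
$expectedAssociations = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                        Value = 'exefile' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command';  Value = '"%1" %*' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.com';                        Value = 'comfile' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command';  Value = '"%1" %*' }
)

# Per-user overrides win over HKCR, so a hijack can live only here; their mere presence
# is worth a look (a clean default user profile does not define them).
$userOverrides = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
)

# Winlogon values that exeHelper's "Resetting userinit and shell values" line restores.
$winlogon = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expectedWinlogon = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe,"   # trailing comma is part of the default
    Shell    = 'explorer.exe'
}

# Policy values a rogue AV commonly sets to lock the user out of recovery tools
# (assumed to be among what "Resetting policies" covers; the log does not list them).
$policyKey = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyValues = @('DisableTaskMgr', 'DisableRegistryTools')

$problems = 0

foreach ($e in $expectedAssociations) {
    $actual = Get-DefaultValue $e.Path
    if ($actual -eq $e.Value) {
        Write-Host ("OK       {0} = {1}" -f $e.Path, $actual)
    } else {
        $problems++
        Write-Host ("MISMATCH {0}: expected [{1}], found [{2}]" -f $e.Path, $e.Value, $actual)
    }
}

foreach ($p in $userOverrides) {
    if (Test-Path -LiteralPath $p) {
        $problems++
        Write-Host ("REVIEW   per-user override present: {0} = [{1}]" -f $p, (Get-DefaultValue $p))
    }
}

$wl = Get-ItemProperty -LiteralPath $winlogon -ErrorAction SilentlyContinue
foreach ($name in $expectedWinlogon.Keys) {
    $actual = if ($wl) { $wl.$name } else { $null }
    if ($actual -eq $expectedWinlogon[$name]) {
        Write-Host ("OK       Winlogon\{0} = {1}" -f $name, $actual)
    } else {
        $problems++
        Write-Host ("MISMATCH Winlogon\{0}: expected [{1}], found [{2}]" -f $name, $expectedWinlogon[$name], $actual)
    }
}

if (Test-Path -LiteralPath $policyKey) {
    $pol = Get-ItemProperty -LiteralPath $policyKey -ErrorAction SilentlyContinue
    foreach ($name in $policyValues) {
        if ($pol -and $pol.$name -eq 1) {
            $problems++
            Write-Host ("REVIEW   policy {0} is set to 1 (tool disabled)" -f $name)
        }
    }
}

Write-Host ("`n{0} item(s) need attention." -f $problems)
```

Run it from an elevated PowerShell prompt so HKLM reads are not blocked. On a machine in the state the opening post describes, the exefile\shell\open\command line and often one of the HKCU overrides will show as MISMATCH or REVIEW; after exeHelper has run, every association line should read OK and the count at the bottom should be 0.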
 
Thank you!

That seems to have worked. All of my programs are opening again and even my start-up programs are working. My computer is still going slow though.

Here is the log from the exeHelper:

exeHelper by Raktor
Build 20100414
Run at 09:21:22 on 11/24/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
Avira AntiVir Personal
Report file date: Thursday, November 25, 2010 10:02

Scanning for 3091541 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : My Shadow
Computer name : MYSHADOW-PC

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/3/2010 00:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/3/2010 00:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 04:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 17:59:23
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 17:59:27
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 17:59:28
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 17:59:28
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 17:59:28
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 17:59:29
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 17:59:31
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 17:59:32
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 17:59:32
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 17:59:33
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 17:59:35
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 17:59:35
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 17:59:36
VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 17:59:37
VBASE022.VDF : 7.10.14.88 2048 Bytes 11/24/2010 17:59:37
VBASE023.VDF : 7.10.14.89 2048 Bytes 11/24/2010 17:59:37
VBASE024.VDF : 7.10.14.90 2048 Bytes 11/24/2010 17:59:37
VBASE025.VDF : 7.10.14.91 2048 Bytes 11/24/2010 17:59:38
VBASE026.VDF : 7.10.14.92 2048 Bytes 11/24/2010 17:59:38
VBASE027.VDF : 7.10.14.93 2048 Bytes 11/24/2010 17:59:38
VBASE028.VDF : 7.10.14.94 2048 Bytes 11/24/2010 17:59:39
VBASE029.VDF : 7.10.14.95 2048 Bytes 11/24/2010 17:59:39
VBASE030.VDF : 7.10.14.96 2048 Bytes 11/24/2010 17:59:39
VBASE031.VDF : 7.10.14.104 55808 Bytes 11/25/2010 17:59:40
Engineversion : 8.2.4.112
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/25/2010 17:59:57
AESCN.DLL : 8.1.7.2 127349 Bytes 11/25/2010 17:59:55
AESBX.DLL : 8.1.3.2 254324 Bytes 11/25/2010 17:59:59
AERDL.DLL : 8.1.9.2 635252 Bytes 11/25/2010 17:59:55
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/25/2010 17:59:53
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/25/2010 17:59:52
AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/25/2010 17:59:51
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/25/2010 17:59:45
AEGEN.DLL : 8.1.4.2 401781 Bytes 11/25/2010 17:59:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/25/2010 17:59:43
AECORE.DLL : 8.1.18.1 196984 Bytes 11/25/2010 17:59:42
AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/3/2010 00:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/3/2010 00:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, November 25, 2010 10:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'TmProxy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'ERAGENT.EXE' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'EPOWER_DMC.EXE' - '1' Module(s) have been scanned
Scan process 'ENMTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeperUI.exe' - '1' Module(s) have been scanned
Scan process 'mswinext.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ZuneLauncher.exe' - '1' Module(s) have been scanned
Scan process 'DefMgr.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'TMBMSRV.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'xaudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'UfSeAgnt.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'IObit SmartDefrag.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'SfCtlCom.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'ALUSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '1757' files ).



End of the scan: Thursday, November 25, 2010 10:06
Used time: 03:57 Minute(s)

The scan has been done completely.

0 Scanned directories
2284 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2284 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes
 
The Temporary File Cleaner is being recognized as a Trojan Program by the residual of Trend Micro Virus. (I can't renew it or remove it because it is one of the programs that was password protected when I got the computer)
 
Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 6.0.6000
Internet Explorer 7.0.6000.17037

11/27/2010 10:25:09 AM
mbam-log-2010-11-27 (10-25-09).txt

Scan type: Quick Scan
Objects scanned: 123042
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-27 10:50:47
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: 6tuvd5dv.exe; Driver: C:\Users\MYSHAD~1\AppData\Local\Temp\kwloqkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\fastfat \Fat SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-11-27.01) - NTFSx86
Run by My Shadow at 10:54:36.53 on Sat 11/27/2010
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1790.836 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\MYSHAD~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\My Shadow\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [StartCCC] "c:\program files\ati" technologies\ati.ace\core-static\CLIStart.exe
uRun: [Acer Tour Reminder]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PMCLoader] "c:\program files\pinnacle\tvcenter pro\PMCLoader.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [EPSON Stylus Photo RX595 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe" /fu "c:\windows\temp\E_S3F9F.tmp" /EF "HKCU"
uRun: [WebEx Document Loader] "c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe" /fu "c:\windows\temp\E_S9D29.tmp" /EF "HKCU"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSet] "rundll32.exe" c:\windows\PLFSet.dll,PLFDefSetting
mRun: [StartCCC] "c:\program files\ati" technologies\ati.ace\core-static\CLIStart.exe
mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Acer Assist Launcher] "c:\program files\acer assist\launcher.exe"
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\6.3.2348.0\mswinext.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\myshad~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-3 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-2 35712]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-25 61960]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-8-3 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-13 36368]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 135664]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-12-14 570880]

=============== Created Last 30 ================

2010-11-26 22:27:56 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b52e50f5-ed61-4d62-bd3e-360a7ee90d40}\mpengine.dll
2010-11-25 17:54:32 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-25 17:54:18 -------- d-----w- c:\program files\Avira
2010-11-25 17:54:18 -------- d-----w- c:\progra~2\Avira
2010-11-21 22:49:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-10-29 20:04:37 -------- d-----w- c:\program files\Bing Bar Installer

==================== Find3M ====================

2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 10:57:40.96 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2007 2:16:56 PM
System Uptime: 11/24/2010 9:24:49 AM (73 hours ago)

Motherboard: Acer | | Extensa 5420
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 0.991 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.547 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0008
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0008
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0016
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0016
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0017
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #14
PNP Device ID: ROOT\*6TO4MP\0017
Service: tunnel

==== System Restore Points ===================

RP556: 11/26/2010 2:26:37 PM - Windows Update

==== Installed Programs ======================

Acer Assist
Acer Crystal Eye webcam
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
DesignPro 5.4 Limited Edition
DivX Setup
EA Download Manager
EA Download Manager UI
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InstallMgr
IObit SmartDefrag Beta4.03
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Last.fm 1.5.4.27091
Launch Manager
LightScribe 1.4.142.1
Linksys Dual-Band Wireless-N USB Network Adapter
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Move Media Player
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
O2Micro Flash Memory Card Reader Driver Installer(x86)
OpenOffice.org 3.0
Pinnacle TVCenter Pro
QuickTime
Realtek High Definition Audio Driver
SecureW2 EAP Suite 2.0.4 for Windows
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Spy Sweeper
Trend Micro AntiVirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
WebEx Support Manager for Internet Explorer
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== Event Viewer Messages From Past Week ========

11/26/2010 2:13:17 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2010 2:13:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
11/26/2010 2:13:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
11/25/2010 9:56:40 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx tmtdi Wanarpv6
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2010 6:00:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/21/2010 6:00:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/21/2010 6:00:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/21/2010 6:00:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/21/2010 6:00:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/21/2010 6:00:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/21/2010 6:00:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/21/2010 5:59:39 PM, Error: EventLog [6008] - The previous system shutdown at 5:58:19 PM on 11/21/2010 was unexpected.
11/21/2010 4:18:18 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
11/21/2010 4:18:17 PM, Error: Service Control Manager [7022] - The SQL Server VSS Writer service hung on starting.
11/21/2010 4:16:55 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/21/2010 4:16:55 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/21/2010 1:13:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer STEPHANIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EF46E181-3812-4B24-A5B3-0D8DC. The master browser is stopping or an election is being forced.
11/21/2010 1:06:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/20/2010 12:08:54 PM, Error: volmgr [46] - Crash dump initialization failed!
11/20/2010 12:08:46 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
11/20/2010 12:08:45 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
11/20/2010 12:08:45 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5420
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 165):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x802BD000 \SystemRoot\system32\PSHED.dll
0x802B5000 \SystemRoot\system32\BOOTVID.dll
0x8027A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x80209000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80511000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x804CE000 \SystemRoot\system32\drivers\acpi.sys
0x80200000 \SystemRoot\system32\drivers\WMILIB.SYS
0x804C6000 \SystemRoot\system32\drivers\msisadrv.sys
0x804A1000 \SystemRoot\system32\drivers\pci.sys
0x80492000 \SystemRoot\system32\drivers\volmgr.sys
0x80489000 \SystemRoot\SYSTEM32\Drivers\SSHRMD.SYS
0x80480000 \SystemRoot\SYSTEM32\Drivers\SSFS0BB9.SYS
0x80454000 \SystemRoot\SYSTEM32\Drivers\SSIDRV.SYS
0x80429000 \SystemRoot\SYSTEM32\Drivers\msrpc.sys
0x807C7000 \SystemRoot\SYSTEM32\Drivers\NETIO.SYS
0x806C3000 \SystemRoot\SYSTEM32\Drivers\NDIS.SYS
0x8041E000 \SystemRoot\SYSTEM32\Drivers\TDI.SYS
0x8041B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80411000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80401000 \SystemRoot\System32\drivers\mountmgr.sys
0x80699000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x80692000 \SystemRoot\system32\drivers\pciide.sys
0x80684000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8063A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80632000 \SystemRoot\system32\drivers\atapi.sys
0x80614000 \SystemRoot\system32\drivers\ataport.SYS
0x8060A000 \SystemRoot\system32\DRIVERS\o2media.sys
0x823DA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x80601000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x823A9000 \SystemRoot\system32\drivers\fltmgr.sys
0x82399000 \SystemRoot\system32\drivers\fileinfo.sys
0x82390000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x82288000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8221E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x877CA000 \SystemRoot\system32\drivers\volsnap.sys
0x82216000 \SystemRoot\System32\Drivers\spldr.sys
0x82204000 \SystemRoot\system32\drivers\psdvdisk.sys
0x877C1000 \SystemRoot\system32\drivers\PSDNServ.sys
0x877B2000 \SystemRoot\System32\drivers\partmgr.sys
0x877A3000 \SystemRoot\System32\Drivers\mup.sys
0x8777E000 \SystemRoot\System32\drivers\ecache.sys
0x8776D000 \SystemRoot\system32\drivers\disk.sys
0x8774C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87743000 \SystemRoot\system32\drivers\crcdisk.sys
0x88408000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88420000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88194000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x88429000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B6D8000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x89C33000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x88413000 \SystemRoot\System32\drivers\watchdog.sys
0x8B652000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x89C29000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B615000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x89C1B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88118000 \SystemRoot\system32\drivers\Afc.sys
0x89C03000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88021000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8854E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8AFEE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x884E4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AFDB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AFD1000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8AE40000 \SystemRoot\System32\Drivers\sskbfd.sys
0x8AFC6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B60A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x880A8000 \SystemRoot\system32\DRIVERS\nscirda.sys
0x88444000 \SystemRoot\system32\drivers\irenum.sys
0x89D90000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BFA2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8BF77000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BF37000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BF20000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BF15000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BEF2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF10000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BEDF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF1F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8801D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BEB5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AE5A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BE81000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89DC0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C025000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BE04000 \SystemRoot\system32\drivers\portcls.sys
0x8C000000 \SystemRoot\system32\drivers\drmk.sys
0x8C3C3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C2C0000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8C20C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8AE67000 \SystemRoot\system32\drivers\modem.sys
0x8845F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x885D6000 \SystemRoot\System32\Drivers\Null.SYS
0x885DD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C200000 \SystemRoot\System32\drivers\vga.sys
0x8C5DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x880B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x880C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C4B4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C4A6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x88468000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C50A000 \SystemRoot\System32\drivers\tcpip.sys
0x8C483000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C46E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C45A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C7B9000 \SystemRoot\system32\drivers\afd.sys
0x8C787000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C404000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C4FC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C4E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AF2E000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x8C740000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C49C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C729000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C859000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8AE74000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x885E4000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8801B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C6B1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x94E00000 \SystemRoot\System32\win32k.sys
0x8C4DF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8AFB5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96400000 \SystemRoot\System32\TSDDD.dll
0x96410000 \SystemRoot\System32\cdd.dll
0x95E95000 \SystemRoot\system32\drivers\luafv.sys
0x8AEE9000 \SystemRoot\system32\DRIVERS\tmpreflt.sys
0x982BE000 \SystemRoot\system32\DRIVERS\vsapint.sys
0x95E4C000 \SystemRoot\system32\DRIVERS\tmxpflt.sys
0x96276000 \SystemRoot\system32\drivers\WudfPf.sys
0x99372000 \SystemRoot\system32\drivers\spsys.sys
0x99354000 \SystemRoot\system32\DRIVERS\irda.sys
0x95C20000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99329000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95C8A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97205000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A597000 \SystemRoot\system32\drivers\HTTP.sys
0x9A54B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A4B4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A4A0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A480000 \SystemRoot\system32\drivers\mrxdav.sys
0x9A462000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A429000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99230000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A405000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9ADAF000 \SystemRoot\System32\DRIVERS\srv.sys
0x885B3000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9CFFC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9CF6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9CE4C000 \SystemRoot\system32\drivers\peauth.sys
0x95CA8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x962E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x97355000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0x8AFA6000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0x98438000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x972C2000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0x8AEDC000 \SystemRoot\System32\Drivers\crashdmp.sys
0xAE88B000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xAE822000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB97C2000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0xB9628000 \??\C:\Users\MYSHAD~1\AppData\Local\Temp\kwloqkow.sys
0x77870000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
412 C:\Windows\System32\smss.exe
556 csrss.exe
612 C:\Windows\System32\wininit.exe
624 csrss.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
864 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\Ati2evxx.exe
1104 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1384 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\Ati2evxx.exe
1596 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
244 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
348 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
12 C:\Program Files\Bonjour\mDNSResponder.exe
1268 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
1052 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
708 C:\Windows\System32\taskeng.exe
1364 C:\Windows\System32\dwm.exe
1940 C:\Windows\explorer.exe
2132 C:\Acer\Empowering Technology\eNet\eNet Service.exe
2240 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2296 C:\Acer\Mobility Center\MobilityService.exe
2368 C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
2416 C:\Program Files\Google\Update\GoogleUpdate.exe
2472 C:\Program Files\Windows Defender\MSASCui.exe
2492 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2500 C:\Windows\RtHDVCpl.exe
2608 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2628 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
2772 C:\Windows\System32\taskeng.exe
2808 C:\Windows\System32\svchost.exe
2964 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
3060 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
3408 C:\Windows\System32\SearchIndexer.exe
3432 C:\Windows\System32\drivers\XAudio.exe
3448 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3536 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3648 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
3692 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3828 WmiPrvSE.exe
4052 WmiPrvSE.exe
1168 unsecapp.exe
2432 C:\Users\MYSHAD~1\AppData\Local\Temp\RtkBtMnt.exe
3444 C:\Program Files\Launch Manager\LManager.exe
4136 C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
4144 C:\Program Files\Zune\ZuneLauncher.exe
4188 C:\Program Files\iTunes\iTunesHelper.exe
4224 C:\Program Files\Java\jre6\bin\jusched.exe
4280 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4292 C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
4328 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
4348 C:\Program Files\Windows Sidebar\sidebar.exe
4372 C:\Windows\ehome\ehtray.exe
4412 C:\Windows\System32\wbem\unsecapp.exe
4716 C:\Acer\Empowering Technology\eNet\eNMTray.exe
4744 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
4804 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
4876 C:\Windows\ehome\ehmsas.exe
4896 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
5664 C:\Program Files\Windows Sidebar\sidebar.exe
6076 C:\Program Files\iPod\bin\iPodService.exe
4860 C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
3288 C:\Program Files\Avira\AntiVir Desktop\sched.exe
4616 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
6128 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
7376 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
8124 C:\Windows\System32\wuauclt.exe
6588 C:\Program Files\Google\Chrome\Application\chrome.exe
6112 C:\Program Files\Google\Chrome\Application\chrome.exe
3148 C:\Program Files\Google\Chrome\Application\chrome.exe
5372 C:\Program Files\Google\Chrome\Application\chrome.exe
6724 C:\Program Files\Google\Chrome\Application\chrome.exe
7924 C:\Program Files\Google\Chrome\Application\chrome.exe
7176 C:\Windows\System32\SearchProtocolHost.exe
5044 C:\Windows\System32\SearchFilterHost.exe
7152 C:\Users\My Shadow\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`da600000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
ComboFix 10-11-27.01 - My Shadow 11/27/2010 13:18:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1790.976 [GMT -8:00]
Running from: c:\users\My Shadow\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\My Shadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\23kBPk0y.jpg
c:\users\My Shadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\8A73M6BnX.jpg
c:\users\My Shadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\pJOx0.jpg
c:\users\My Shadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Xkm0m.jpg
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 21:59 . 2010-11-27 22:35 -------- d-----w- c:\users\My Shadow\AppData\Local\temp
2010-11-27 21:59 . 2010-11-27 21:59 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
2010-11-27 21:59 . 2010-11-27 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 21:59 . 2010-11-27 21:59 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-27 20:54 . 2010-11-27 20:57 -------- d-----w- C:\32788R22FWJFW
2010-11-26 22:27 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B52E50F5-ED61-4D62-BD3E-360A7EE90D40}\mpengine.dll
2010-11-25 17:54 . 2010-11-26 22:15 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-25 17:54 . 2010-08-03 00:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-25 17:54 . 2010-11-25 17:54 -------- d-----w- c:\programdata\Avira
2010-11-25 17:54 . 2010-11-25 17:54 -------- d-----w- c:\program files\Avira
2010-11-21 22:49 . 2010-11-22 01:09 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-10-29 20:04 . 2010-10-29 20:17 -------- d-----w- c:\program files\Bing Bar Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-02 23:24 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-28 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-23 171448]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-05 5367664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\users\My Shadow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 135664]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-15 570880]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-03 135336]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-01-28 08:29]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 00:43]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 00:43]

2010-08-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2008-01-28 07:05]

2010-11-16 c:\windows\Tasks\wrSpySweeper_L74534F1688144710A61FFEB8BE5EEA10.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-29 05:56]

2010-11-16 c:\windows\Tasks\wrSpySweeper_L74534F1688144710A61FFEB8BE5EEA10.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-29 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-PMCLoader - c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 14:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1397172104-1989430188-3832168033-1003\Software\SecuROM\License information*]
"datasecu"=hex:2e,52,c4,6d,2c,1b,5d,7d,d4,53,46,b9,29,77,24,fc,2d,28,ca,24,38,
3d,51,0c,2c,c3,4c,a2,3a,55,84,8b,d9,69,ec,32,6d,b2,e7,53,b5,0a,12,40,7a,3e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-27 15:14:26
ComboFix-quarantined-files.txt 2010-11-27 23:14

Pre-Run: 1,394,769,920 bytes free
Post-Run: 2,942,689,280 bytes free

- - End Of File - - 857152301C9DFAA6F34228132CE3802A
 
I can't get rid of Trend; I've tried. It's password protected and I don't have the password.
 