
Solve : Application cannot be executed, Security Warning, Antivirus popups?


Hey there,

I believe I have a virus of some sort on my computer. Every 5-10 seconds a "Security Warning" box will pop up on my screen. The box says "Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?". This is often followed by "Antivirus softwear alert" at the bottom right of my screen. Sometimes websites like "*censored*.org" or a *censored* website will pop up on occasion.

A HUGE thanks in advance to anyone who is willing to try and help me. I am not great with computers so any help I can get would be greatly appreciated.

Thanks a ton

Welcome to CH.

Start here. Please read this before requesting malware removal help

Post the 3 logs back in this topic.

Hey,

Thanks so much for being willing to help me with this problem.
Also, sorry it took a while to post these logs, the virus really doesn't love when I try and install and open up programs. But here are the logs.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23/02/2010 10:34:42 PM
mbam-log-2010-02-23 (22-34-42).txt

Scan type: Quick Scan
Objects scanned: 103451
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/22/2010 at 11:51 PM

Application Version : 4.34.1000

Core Rules Database Version : 4596
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:55:41

Memory items scanned : 1042
Memory threats detected : 0
Registry items scanned : 8832
Registry threats detected : 1
File items scanned : 147576
File threats detected : 6

Trojan.DNSChanger-Codec
C:\resycled\ntldr.com
C:\resycled

Rogue.AntivirusSoft
HKU\S-1-5-21-2034286202-2283236669-3436802789-1000\Software\avsoft

Adware.Tracking Cookie
C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected]*censored*.122.2o7[1].txt

Rootkit.Agent/Gen-GAOPDX
C:\WINDOWS\SYSTEM32\GAOPDXIMRQNBWX.DLL

Rootkit.Agent/Gen-NTLDR
D:\RESYCLED\NTLDR.COM

Rootkit.Agent/Gen-NTLDR
D:\RESYCLED\NTLDR.COM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:12 PM, on 24/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Grant\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Grant\AppData\Local\Apps\2.0\EDT5ZMJK.69B\O4267WRB.BX9\tray..tion_d00346c2ca499f4e_0001.0002_7d7e1ea21d36084e\trayay.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Grant\AppData\Local\yyrvha\vloqsftav.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\notepad.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Grant\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [A2Y] "C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accountable2You\Accountable2You Product Suite.appref-ms"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [jhdjboni] C:\Users\Grant\AppData\Local\yyrvha\vloqsftav.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=nobrainer&refCode=&brand=ag"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Accountable2You] "C:\Program Files\Accountable2You\Accountable2You\trayay.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Accountable2You] "C:\Program Files\Accountable2You\Accountable2You\trayay.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.28,85.255.112.196
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati EXTERNAL Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9acc4d8d23139) (gupdate1c9acc4d8d23139) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 15231 bytes

1. Close all open Web browsers.
2. From the Start menu in Windows select Control Panel.
3. Select Add or Remove Programs.
4. Uninstall any of the following programs associated with Ask.com: (the names may be slightly different)

- Ask.com
- Ask Bar
- Ask Desktop Search
- Ask Search
- Ask Toolbar
- Ask Jeeves


5. Click Change/Remove for each and uninstall all found.

----------

Multiple antivirus warning!

- avast!
- McAfee


Microsoft, Kaspersky and Symantec recommend that you do not have more than one antivirus product installed and running on your computer at the same time.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

Please choose one and uninstall the other before continuing.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

So I do believe I did everything you told me to right. And after using Combofix I am not getting anymore of those annoying popups!! Here's the log from the results:


ComboFix 10-02-25.02 - Grant 25/02/2010 18:09:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.2313 [GMT -5:00]
Running from: c:\users\Grant\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVI Codec Pack +
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk
c:\users\Grant\AppData\Local\yyrvha
c:\users\Grant\AppData\Local\yyrvha\vloqsftav.exe
c:\users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVI Codec Pack +
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 23:18 . 2010-02-25 23:18 -------- d-----w- c:\users\Grant\AppData\Local\temp
2010-02-25 23:18 . 2010-02-25 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-24 20:20 . 2010-02-24 20:20 -------- d-----w- c:\program files\Trend Micro
2010-02-24 19:46 . 2010-02-24 19:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-23 19:15 . 2010-02-23 19:15 -------- d-----w- c:\users\Grant\AppData\Roaming\Malwarebytes
2010-02-23 19:15 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 19:15 . 2010-02-23 19:15 -------- d-----w- c:\programdata\Malwarebytes
2010-02-23 19:15 . 2010-02-23 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 19:15 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 19:11 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:10 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 19:10 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 19:10 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 19:10 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 19:10 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 19:10 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 19:10 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 19:10 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 19:10 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 02:39 . 2010-02-23 02:39 52224 ----a-w- c:\users\Grant\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-23 02:39 . 2010-02-23 02:39 117760 ----a-w- c:\users\Grant\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-23 02:27 . 2010-02-23 02:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-23 02:26 . 2010-02-23 02:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-23 02:26 . 2010-02-23 02:26 -------- d-----w- c:\users\Grant\AppData\Roaming\SUPERAntiSpyware.com
2010-02-23 02:15 . 2010-02-23 02:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-23 01:51 . 2010-02-23 01:51 -------- d-----w- c:\users\Grant\AppData\Roaming\OnlineArmor
2010-02-23 01:51 . 2010-02-23 01:51 -------- d-----w- c:\programdata\OnlineArmor
2010-02-23 01:51 . 2009-12-05 12:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-02-23 01:51 . 2009-12-05 12:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-02-23 01:51 . 2010-02-23 01:51 -------- d-----w- c:\program files\Tall Emu
2010-02-23 01:46 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-23 01:46 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-23 01:46 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-23 01:46 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-23 01:46 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-23 01:46 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-23 01:46 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-23 01:46 . 2010-02-23 01:46 -------- d-----w- c:\programdata\Alwil Software
2010-02-23 01:46 . 2010-02-23 01:46 -------- d-----w- c:\program files\Alwil Software
2010-02-22 13:19 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\NAVENG.SYS
2010-02-22 13:19 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\NAVEX15.SYS
2010-02-22 13:19 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\CCERASER.DLL
2010-02-22 13:19 . 2009-12-14 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\ECMSVR32.DLL
2010-02-22 13:19 . 2009-09-17 12:50 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\hub.scr
2010-02-22 13:19 . 2009-09-17 12:50 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\EECTRL.SYS
2010-02-22 13:19 . 2009-09-17 12:50 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\NAVENG32.DLL
2010-02-22 13:19 . 2009-09-17 12:50 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\NAVEX32A.DLL
2010-02-22 13:19 . 2009-09-17 12:50 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\ERASER.SYS
2010-02-17 00:54 . 2010-02-18 03:50 -------- d-----w- c:\users\Grant\English
2010-02-16 09:00 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2010-02-16 09:00 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
2010-02-12 13:10 . 2010-02-11 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\NAVENG.SYS
2010-02-12 13:10 . 2010-02-11 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\NAVEX15.SYS
2010-02-12 13:10 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\CCERASER.DLL
2010-02-12 13:10 . 2009-12-14 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\ECMSVR32.DLL
2010-02-12 13:10 . 2009-09-17 12:50 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\hub.scr
2010-02-12 13:10 . 2009-09-17 12:50 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\EECTRL.SYS
2010-02-12 13:10 . 2009-09-17 12:50 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\NAVENG32.DLL
2010-02-12 13:10 . 2009-09-17 12:50 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\NAVEX32A.DLL
2010-02-12 13:10 . 2009-09-17 12:50 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\ERASER.SYS
2010-02-10 12:41 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 12:41 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-08 21:56 . 2010-02-17 04:01 -------- d-----w- c:\users\Grant\Writers Craft
2010-02-04 20:31 . 2010-02-05 22:26 2238 ----a-r- c:\users\Grant\AppData\Roaming\Microsoft\Installer\{B40653AD-B1FA-4504-947A-3FC987F10C57}\_D28F3E7169920081E6044C.exe
2010-02-04 20:31 . 2010-02-05 22:26 2238 ----a-r- c:\users\Grant\AppData\Roaming\Microsoft\Installer\{B40653AD-B1FA-4504-947A-3FC987F10C57}\_6FEFF9B68218417F98F549.exe
2010-02-04 20:31 . 2010-02-04 20:31 -------- d-----w- c:\program files\Accountable2You

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 23:04 . 2008-12-11 21:21 -------- d-----w- c:\users\Grant\AppData\Roaming\DNA
2010-02-25 23:01 . 2009-09-09 03:23 -------- d-----w- c:\users\Grant\AppData\Roaming\Skype
2010-02-25 22:16 . 2009-03-24 21:08 -------- d-----w- c:\programdata\Google Updater
2010-02-25 22:12 . 2008-03-16 20:04 -------- d-----w- c:\program files\McAfee
2010-02-25 22:12 . 2008-03-16 20:04 -------- d-----w- c:\programdata\McAfee
2010-02-25 03:11 . 2008-09-13 19:48 -------- d-----w- c:\users\Grant\AppData\Roaming\uTorrent
2010-02-24 19:45 . 2008-09-13 19:47 -------- d-----w- c:\program files\Java
2010-02-24 19:32 . 2008-09-07 20:24 72936 ----a-w- c:\users\Grant\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 04:40 . 2008-09-13 19:47 -------- d-----w- c:\program files\Common Files\Java
2010-02-22 13:19 . 2008-11-07 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-11 13:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 03:41 . 2009-03-24 21:08 -------- d-----w- c:\program files\Google
2010-02-01 03:52 . 2008-03-16 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 12:35 . 2010-02-10 12:40 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 12:40 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 12:40 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 12:40 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 12:40 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 12:40 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 12:40 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 12:40 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 12:40 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 12:40 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 13:05 . 2010-01-22 18:32 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 18:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 18:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2009-12-14 09:00 . 2009-12-14 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2009-12-08 20:52 . 2010-02-10 12:40 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 12:40 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 12:40 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 12:40 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 12:40 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38121392----a-w-c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-17 133104]
"BitTorrent DNA"="c:\users\Grant\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"x3watch"="c:\program files\X3watch\x3watch.exe" [2008-06-01 299008]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Accountable2You"="c:\program files\Accountable2You\Accountable2You\trayay.exe" [2009-08-03 256000]

c:\users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [22/02/2010 8:46 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/03/2008 2:47 PM 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/02/2010 8:46 PM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/02/2010 8:46 PM 51792]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [09/12/2009 6:59 PM 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [09/12/2009 6:59 PM 126392]
R3 NVHDA;Service for NVIDIA HDMI Audio DRIVER;c:\windows\System32\drivers\nvhda32v.sys [16/03/2008 2:01 PM 30752]
S2 gupdate1c9acc4d8d23139;Google Update Service (gupdate1c9acc4d8d23139);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2009 4:09 PM 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 8:53 AM 892416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [07/09/2008 3:44 PM 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 21:08]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 21:09]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 21:09]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034286202-2283236669-3436802789-1000Core.job
- c:\users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-17 21:34]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034286202-2283236669-3436802789-1000UA.job
- c:\users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-17 21:34]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-09 17:32]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-09 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\2i751xi2.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Grant\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Grant\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-jhdjboni - c:\users\Grant\AppData\Local\yyrvha\vloqsftav.exe
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)
AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 18:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-2034286202-2283236669-3436802789-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9154320-3A02-4149-9CC4-A6042B8347C0}*]
"hahpjmfmdmfjlegl"=hex:6b,61,67,68,64,6e,6e,69,6f,6b,6f,63,67,6b,6d,6e,6f,65,
6b,69,69,68,00,00
.
Completion time: 2010-02-25 18:22:34
ComboFix-quarantined-files.txt 2010-02-25 23:22

Pre-Run: 93,023,412,224 bytes free
Post-Run: 93,493,452,800 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - BA8AB817464E08F17DD23777AAC960CC
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::

DDS::
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555

RegLockDel::
[HKEY_USERS\S-1-5-21-2034286202-2283236669-3436802789-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9154320-3A02-4149-9CC4-A6042B8347C0}*]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Alright, so I believe I did everything you told me to right. Here's the log:


ComboFix 10-02-25.02 - Grant 26/02/2010 15:27:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.2000 [GMT -5:00]
Running from: c:\users\Grant\Desktop\ComboFix.exe
Command switches used :: c:\users\Grant\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\0060481267211157mcinst.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 20:33 . 2010-02-26 20:38--------d-----w-c:\users\Grant\AppData\Local\temp
2010-02-26 20:33 . 2010-02-26 20:33--------d-----w-c:\users\Public\AppData\Local\temp
2010-02-26 20:33 . 2010-02-26 20:33--------d-----w-c:\users\Default\AppData\Local\temp
2010-02-24 20:20 . 2010-02-24 20:20--------d-----w-c:\program files\Trend Micro
2010-02-24 19:46 . 2010-02-24 19:45411368----a-w-c:\windows\system32\deploytk.dll
2010-02-23 19:15 . 2010-02-23 19:15--------d-----w-c:\users\Grant\AppData\Roaming\Malwarebytes
2010-02-23 19:15 . 2010-01-07 21:0738224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 19:15 . 2010-02-23 19:15--------d-----w-c:\programdata\Malwarebytes
2010-02-23 19:15 . 2010-02-23 19:15--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2010-02-23 19:15 . 2010-01-07 21:0719160----a-w-c:\windows\system32\drivers\mbam.sys
2010-02-23 19:11 . 2010-01-23 09:442048----a-w-c:\windows\system32\tzres.dll
2010-02-23 19:10 . 2010-01-25 08:35523776----a-w-c:\windows\system32\RMActivate_isv.exe
2010-02-23 19:10 . 2010-01-25 08:34511488----a-w-c:\windows\system32\RMActivate.exe
2010-02-23 19:10 . 2010-01-25 08:34347136----a-w-c:\windows\system32\RMActivate_ssp.exe
2010-02-23 19:10 . 2010-01-25 12:48472576----a-w-c:\windows\system32\secproc_isv.dll
2010-02-23 19:10 . 2010-01-25 12:48472064----a-w-c:\windows\system32\secproc.dll
2010-02-23 19:10 . 2010-01-25 08:35346624----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 19:10 . 2010-01-25 12:48151040----a-w-c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 19:10 . 2010-01-25 12:48151040----a-w-c:\windows\system32\secproc_ssp.dll
2010-02-23 19:10 . 2010-01-25 12:45329216----a-w-c:\windows\system32\msdrm.dll
2010-02-23 02:27 . 2010-02-23 02:27--------d-----w-c:\programdata\SUPERAntiSpyware.com
2010-02-23 02:26 . 2010-02-23 02:26--------d-----w-c:\program files\SUPERAntiSpyware
2010-02-23 02:26 . 2010-02-23 02:26--------d-----w-c:\users\Grant\AppData\Roaming\SUPERAntiSpyware.com
2010-02-23 02:15 . 2010-02-23 02:15--------d-----w-c:\program files\Common Files\Wise Installation Wizard
2010-02-23 01:51 . 2010-02-23 01:51--------d-----w-c:\users\Grant\AppData\Roaming\OnlineArmor
2010-02-23 01:51 . 2010-02-23 01:51--------d-----w-c:\programdata\OnlineArmor
2010-02-23 01:51 . 2009-12-05 12:2824656----a-w-c:\windows\system32\drivers\OAmon.sys
2010-02-23 01:51 . 2009-12-05 12:27223312----a-w-c:\windows\system32\drivers\OADriver.sys
2010-02-23 01:51 . 2010-02-23 01:51--------d-----w-c:\program files\Tall Emu
2010-02-23 01:46 . 2010-02-11 18:42162512----a-w-c:\windows\system32\drivers\aswSP.sys
2010-02-23 01:46 . 2010-02-11 18:3819024----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2010-02-23 01:46 . 2010-02-11 18:3923376----a-w-c:\windows\system32\drivers\aswRdr.sys
2010-02-23 01:46 . 2010-02-11 18:4246672----a-w-c:\windows\system32\drivers\aswTdi.sys
2010-02-23 01:46 . 2010-02-11 18:3851792----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2010-02-23 01:46 . 2010-02-11 18:5338848----a-w-c:\windows\system32\avastSS.scr
2010-02-23 01:46 . 2010-02-11 18:53153184----a-w-c:\windows\system32\aswBoot.exe
2010-02-23 01:46 . 2010-02-23 01:46--------d-----w-c:\programdata\Alwil Software
2010-02-23 01:46 . 2010-02-23 01:46--------d-----w-c:\program files\Alwil Software
2010-02-17 00:54 . 2010-02-18 03:50--------d-----w-c:\users\Grant\English
2010-02-10 12:41 . 2009-12-11 12:07301568----a-w-c:\windows\system32\drivers\srv.sys
2010-02-10 12:41 . 2009-12-11 12:0798304----a-w-c:\windows\system32\drivers\srvnet.sys
2010-02-08 21:56 . 2010-02-26 06:51--------d-----w-c:\users\Grant\Writers Craft
2010-02-04 20:31 . 2010-02-04 20:31--------d-----w-c:\program files\Accountable2You

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 20:30 . 2008-03-16 20:04--------d-----w-c:\programdata\McAfee
2010-02-26 20:17 . 2008-12-11 21:21--------d-----w-c:\users\Grant\AppData\Roaming\DNA
2010-02-26 19:56 . 2009-09-09 03:23--------d-----w-c:\users\Grant\AppData\Roaming\Skype
2010-02-26 19:20 . 2009-12-03 06:41--------d-----w-c:\users\Grant\AppData\Roaming\vlc
2010-02-26 19:05 . 2008-03-16 20:04--------d-----w-c:\program files\McAfee
2010-02-25 22:16 . 2009-03-24 21:08--------d-----w-c:\programdata\Google Updater
2010-02-25 03:11 . 2008-09-13 19:48--------d-----w-c:\users\Grant\AppData\Roaming\uTorrent
2010-02-24 19:45 . 2008-09-13 19:47--------d-----w-c:\program files\Java
2010-02-24 19:32 . 2008-09-07 20:2472936----a-w-c:\users\Grant\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 04:40 . 2008-09-13 19:47--------d-----w-c:\program files\Common Files\Java
2010-02-23 02:39 . 2010-02-23 02:3952224----a-w-c:\users\Grant\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-23 02:39 . 2010-02-23 02:39117760----a-w-c:\users\Grant\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-22 13:19 . 2008-11-07 23:44--------d-----w-c:\program files\Common Files\Symantec Shared
2010-02-16 09:00 . 2010-02-22 13:1984912----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\NAVENG.SYS
2010-02-16 09:00 . 2010-02-22 13:191324720----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\NAVEX15.SYS
2010-02-16 09:00 . 2010-02-16 09:0084912----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2010-02-16 09:00 . 2010-02-16 09:001324720----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
2010-02-11 13:13 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail
2010-02-11 09:00 . 2010-02-12 13:1084912----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\NAVENG.SYS
2010-02-11 09:00 . 2010-02-12 13:101324720----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\NAVEX15.SYS
2010-02-10 03:41 . 2009-03-24 21:08--------d-----w-c:\program files\Google
2010-02-05 22:26 . 2010-02-04 20:312238----a-r-c:\users\Grant\AppData\Roaming\Microsoft\Installer\{B40653AD-B1FA-4504-947A-3FC987F10C57}\_D28F3E7169920081E6044C.exe
2010-02-05 22:26 . 2010-02-04 20:312238----a-r-c:\users\Grant\AppData\Roaming\Microsoft\Installer\{B40653AD-B1FA-4504-947A-3FC987F10C57}\_6FEFF9B68218417F98F549.exe
2010-02-01 03:52 . 2008-03-16 19:24--------d--h--w-c:\program files\InstallShield Installation Information
2009-12-28 12:35 . 2010-02-10 12:4011776----a-w-c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 12:401314816----a-w-c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 12:4022528----a-w-c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 12:4031744----a-w-c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 12:40123904----a-w-c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 12:4013312----a-w-c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 12:4082944----a-w-c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 12:4050176----a-w-c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 12:4065024----a-w-c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 12:4091136----a-w-c:\windows\system32\avifil32.dll
2009-12-18 13:05 . 2010-01-22 18:32833024----a-w-c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 18:3278336----a-w-c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 18:3226624----a-w-c:\windows\system32\ieUnatt.exe
2009-12-14 09:00 . 2010-02-22 13:192747440----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\CCERASER.DLL
2009-12-14 09:00 . 2010-02-22 13:19259440----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100221.004\ECMSVR32.DLL
2009-12-14 09:00 . 2010-02-12 13:102747440----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\CCERASER.DLL
2009-12-14 09:00 . 2010-02-12 13:10259440----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100211.002\ECMSVR32.DLL
2009-12-14 09:00 . 2009-12-14 09:002747440----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2009-12-14 09:00 . 2009-12-14 09:00259440----a-w-c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2009-12-08 20:52 . 2010-02-10 12:40897624----a-w-c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 12:403597912----a-w-c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 12:403546200----a-w-c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 12:40212992----a-w-c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 12:40105472----a-w-c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:021044480----a-w-c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02200704----a-w-c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38121392----a-w-c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-17 133104]
"BitTorrent DNA"="c:\users\Grant\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"x3watch"="c:\program files\X3watch\x3watch.exe" [2008-06-01 299008]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Accountable2You"="c:\program files\Accountable2You\Accountable2You\trayay.exe" [2009-08-03 256000]

c:\users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [22/02/2010 8:46 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/03/2008 2:47 PM 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/02/2010 8:46 PM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/02/2010 8:46 PM 51792]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [09/12/2009 6:59 PM 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [09/12/2009 6:59 PM 126392]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [16/03/2008 2:01 PM 30752]
S2 0060481267211157mcinstcleanup;McAfee Application Installer Cleanup (0060481267211157);c:\windows\TEMP\006048~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\006048~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9acc4d8d23139;Google Update Service (gupdate1c9acc4d8d23139);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2009 4:09 PM 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 8:53 AM 892416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [07/09/2008 3:44 PM 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 21:08]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 21:09]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 21:09]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034286202-2283236669-3436802789-1000Core.job
- c:\users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-17 21:34]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034286202-2283236669-3436802789-1000UA.job
- c:\users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-17 21:34]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-26 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-26 17:22]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride =
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\2i751xi2.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Grant\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\Grant\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 15:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-2034286202-2283236669-3436802789-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9154320-3A02-4149-9CC4-A6042B8347C0}*]
"hahpjmfmdmfjlegl"=hex:6b,61,67,68,64,6e,6e,69,6f,6b,6f,63,67,6b,6d,6e,6f,65,
6b,69,69,68,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5684)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-26 15:44:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 20:44
ComboFix2.txt 2010-02-25 23:22

Pre-Run: 93,325,516,800 bytes free
Post-Run: 93,216,841,728 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 8EF72B23D8B6E6864CB06199C215D5C3

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  * Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

ESET scan results:

C:\Users\Grant\Documents\LimeWire\Saved\Arnold Schoenberg - Teil III - Die wilde Jagd - Waldemar _Erwacht, K?nig Waldemars Mannen 2009.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\LimeWire\Saved\bittersweet symphony ace MTV.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\LimeWire\Saved\bittersweet symphony cover - greatest hits.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\LimeWire\Saved\surrender marc james (256k 44800).mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\LimeWire\Saved\torches together.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\LimeWire\Saved\Panic At The Disco - PRETTY Odd [Full Album] (2008)\12 PATD - Folkin' Around.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\My Received Files\LimeWire\Incomplete\Preview-T-3545425-if i could fly.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\My Received Files\LimeWire\Saved\Angels and Airwaves - Start the Machine (DVD).avi	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\My Received Files\LimeWire\Saved\if i could fly.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\My Received Files\LimeWire\Saved\Starfield - Filled With Your Glory.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Documents\My Received Files\LimeWire\Saved\Starfield - Unashamed.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Users\Grant\Downloads\AVICodecPackPlus2.exe	Win32/Adware.Webdir application	deleted - quarantined
C:\Users\Grant\Downloads\exeHelper.com	probably a variant of Win32/Agent trojan	cleaned by deleting - quarantined
C:\Users\Grant\Downloads\Quietdrive - When All That's Left Is You (Full Album)\Quietdrive - When All That's Left Is You (Full Album)\04 Quietdrive - Let Me Go In.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined

If there are no more malware issues we can finish up now.

Use the Secunia Software Inspector to check for out of date software.

* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.


