[Resolved] Unable to update virus or any other software on Acer

Acer Daddy
[Resolved] Unable to update virus or any other software on Acer
« on: November 23, 2010, 02:34:24 PM »
Daughter's ACER Aspire One computer will not function.  Google keeps indicating unusual Internet activity.  When I try to load virus software such as AVG, it will download OK, then I get errors telling me it did not complete.  I got COMCAST Norton to run but I don't think it went deep enough.  McAfee: same thing, would not launch.  Google Spyware Doctor will not run either.  Also I cannot seem to update her drivers.  Software loads but won't launch.

Below is the HiJackThis file:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:57:55 PM, on 11/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.4.1970.7372\GoogleUpdaterInstallMgr.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad & Mom\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aspire_one
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aspire_one
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 98.142.243.63 www.google.com
O1 - Hosts: 98.142.243.63 google.com
O1 - Hosts: 98.142.243.63 google.com.au
O1 - Hosts: 98.142.243.63 www.google.com.au
O1 - Hosts: 98.142.243.63 google.be
O1 - Hosts: 98.142.243.63 www.google.be
O1 - Hosts: 98.142.243.63 google.com.br
O1 - Hosts: 98.142.243.63 www.google.com.br
O1 - Hosts: 98.142.243.63 google.ca
O1 - Hosts: 98.142.243.63 www.google.ca
O1 - Hosts: 98.142.243.63 google.ch
O1 - Hosts: 98.142.243.63 www.google.ch
O1 - Hosts: 98.142.243.63 google.de
O1 - Hosts: 98.142.243.63 www.google.de
O1 - Hosts: 98.142.243.63 google.dk
O1 - Hosts: 98.142.243.63 www.google.dk
O1 - Hosts: 98.142.243.63 google.fr
O1 - Hosts: 98.142.243.63 www.google.fr
O1 - Hosts: 98.142.243.63 google.ie
O1 - Hosts: 98.142.243.63 www.google.ie
O1 - Hosts: 98.142.243.63 google.it
O1 - Hosts: 98.142.243.63 www.google.it
O1 - Hosts: 98.142.243.63 google.co.jp
O1 - Hosts: 98.142.243.63 www.google.co.jp
O1 - Hosts: 98.142.243.63 google.nl
O1 - Hosts: 98.142.243.63 www.google.nl
O1 - Hosts: 98.142.243.63 google.no
O1 - Hosts: 98.142.243.63 www.google.no
O1 - Hosts: 98.142.243.63 google.co.nz
O1 - Hosts: 98.142.243.63 www.google.co.nz
O1 - Hosts: 98.142.243.63 google.pl
O1 - Hosts: 98.142.243.63 www.google.pl
O1 - Hosts: 98.142.243.63 google.se
O1 - Hosts: 98.142.243.63 www.google.se
O1 - Hosts: 98.142.243.63 google.co.uk
O1 - Hosts: 98.142.243.63 www.google.co.uk
O1 - Hosts: 98.142.243.63 google.co.za
O1 - Hosts: 98.142.243.63 www.google.co.za
O1 - Hosts: 98.142.243.63 www.google-analytics.com
O1 - Hosts: 98.142.243.63 www.bing.com
O1 - Hosts: 98.142.243.63 search.yahoo.com
O1 - Hosts: 98.142.243.63 www.search.yahoo.com
O1 - Hosts: 98.142.243.63 uk.search.yahoo.com
O1 - Hosts: 98.142.243.63 ca.search.yahoo.com
O1 - Hosts: 98.142.243.63 de.search.yahoo.com
O1 - Hosts: 98.142.243.63 fr.search.yahoo.com
O1 - Hosts: 98.142.243.63 au.search.yahoo.com
O1 - Hosts: 98.142.243.63 www.youtube.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 13427 bytes
« Last Edit: November 30, 2010, 08:49:44 AM by kevinf80 »
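The O1 entries in the log above map search engines and security/update hosts to two non-loopback addresses, which is what keeps the security tools on this machine from updating. As an added example (not part of this thread or any of the tools it mentions), here is a small Python checker that parses HijackThis `O1 - Hosts:` lines and flags that pattern; the marker lists used to classify domains are an assumption, not a complete list.

```python
"""Parse HijackThis 'O1 - Hosts:' lines and flag hosts-file hijacking.

Added example, not from the thread. The marker lists below are an assumption
about which domains a hosts hijack typically targets, not a complete list.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O1 lines from the log above, plus a
# benign loopback entry and one non-O1 line to show they are ignored.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 98.142.243.63 www.google.com
O1 - Hosts: 98.142.243.63 google.co.uk
O1 - Hosts: 98.142.243.63 www.bing.com
O1 - Hosts: 98.142.243.63 search.yahoo.com
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Checked in this order: safe-browsing/update endpoints first, so that
# safebrowsing-cache.google.com counts as a security block, not a search hijack.
SECURITY_MARKERS = ("safebrowsing", "microsoft.com", "symantec.com",
                    "mcafee.com", "avg.com")
SEARCH_MARKERS = ("google.", "bing.com", "yahoo.com", "youtube.com")


def parse_o1(log_text):
    """Return (ip, hostname) pairs from O1 lines; all other lines are skipped."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs


def is_loopback(ip):
    """127.0.0.0/8 or ::1 is a normal hosts entry, not a redirect."""
    return ip.startswith("127.") or ip == "::1"


def classify(host):
    """'security' for update/safe-browsing hosts, 'search' for search engines."""
    if any(mk in host for mk in SECURITY_MARKERS):
        return "security"
    if any(mk in host for mk in SEARCH_MARKERS):
        return "search"
    return "other"


def analyze(log_text):
    """Group non-loopback redirects by target IP and flag the hijack pattern."""
    by_ip = defaultdict(list)
    search_hijacks, security_blocks = [], []
    for ip, host in parse_o1(log_text):
        if is_loopback(ip):
            continue
        by_ip[ip].append(host)
        kind = classify(host)
        if kind == "search":
            search_hijacks.append(host)
        elif kind == "security":
            security_blocks.append(host)
    return {
        "redirect_ips": dict(by_ip),
        "search_hijacks": search_hijacks,
        "security_blocks": security_blocks,
        "hijacked": bool(search_hijacks or security_blocks),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip, hosts in report["redirect_ips"].items():
        print(f"{ip}: {len(hosts)} host(s) redirected")
    print("search engines hijacked:", report["search_hijacks"])
    print("security endpoints blocked:", report["security_blocks"])
```

Many different domains collapsing onto one or two non-loopback addresses is the signature worth acting on, regardless of which address it is.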

Acer Daddy
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #1 on: November 23, 2010, 02:41:07 PM »
HiJackThis also gives an error that the system has been denied write access to the Hosts file.  This seems like a good clue because if all the software loads are getting this error that would explain why they will not launch.

kevinf80 (Malware Removal Staff)
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #2 on: November 23, 2010, 03:25:33 PM »
Hiya Acer Daddy,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time let me know. Likewise, if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget: ComboFix must be saved to your desktop. <-- Very important

Before saving to your Desktop re-name to Gotcha.exe as below:



Ensure you have disabled your Firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <--- Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection are available at the following link :-

Disable realtime protection


Note:  Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Step 2

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post the logs from Combofix (Gotcha) and Security Check in your reply, plus a fresh HJT log.

Kevin

Acer Daddy
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #3 on: November 23, 2010, 07:32:52 PM »
Kevin:

As requested here are 2 of the 3 items you requested.  Thanks!  AD


Notes on Security Check:  I could not get Security Check to run properly.  It attempts to run but it can't "find a specified path"; then it runs and produces an empty Notepad file.  Tried 5x.

ComboFix Log:  (see below)  (A new HijackThis log is below as well; search for **HiJack Log** HERE: to find the beginning of the HijackThis log.)

ComboFix 10-11-23.01 - Dad & Mom 11/23/2010  15:55:42.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.363 [GMT -7:00]
Running from: c:\documents and settings\Dad & Mom\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\aa5c20
c:\documents and settings\All Users\Application Data\aa5c20\3336.mof
c:\documents and settings\All Users\Application Data\aa5c20\55b80840ea8ae8937f3f0cc5cc520278.ocx
c:\documents and settings\All Users\Application Data\aa5c20\BackUp\Acer VCM.lnk
c:\documents and settings\All Users\Application Data\aa5c20\BackUp\Bluetooth.lnk
c:\documents and settings\All Users\Application Data\aa5c20\BackUp\InterVideo WinCinema Manager.lnk
c:\documents and settings\All Users\Application Data\aa5c20\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\aa5c20\d2p45e7gu8z6avjsge7tm9gigdcswm9q0g.dll
c:\documents and settings\All Users\Application Data\aa5c20\SME.ico
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\Cache\0C092E49.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\program files\FunWebProducts\Shared\0C4F90B8.dat
c:\program files\GamesBar\obERontb.dll
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe

.
(((((((((((((((((((((((((   Files Created from 2010-10-23 to 2010-11-23  )))))))))))))))))))))))))))))))
.

2010-11-23 22:35 . 2010-11-23 22:36   --------   d-----w-   C:\rei
2010-11-23 22:35 . 2010-11-23 22:35   --------   d-----w-   c:\program files\Reimage
2010-11-22 05:57 . 2010-02-05 16:17   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-11-22 05:57 . 2010-03-29 17:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-11-22 05:57 . 2009-11-23 20:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-22 05:57 . 2010-04-08 21:29   63360   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\program files\Spyware Doctor
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\documents and settings\Dad & Mom\Application Data\PC Tools
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2010-11-22 05:46 . 2010-11-23 20:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-11-22 05:05 . 2010-11-22 05:06   --------   d-----w-   c:\documents and settings\Dad & Mom\Application Data\Skype
2010-11-21 06:20 . 2010-11-21 06:23   --------   d-----w-   c:\documents and settings\Dad & Mom\Local Settings\Application Data\Temp
2010-11-21 05:10 . 2010-11-21 05:10   --------   d-----w-   c:\documents and settings\Administrator
2010-11-20 15:53 . 2009-05-18 22:17   26600   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-20 15:53 . 2008-04-17 21:12   107368   ----a-r-   c:\windows\system32\GEARAspi.dll
2010-11-20 15:53 . 2010-11-20 15:53   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2010-11-20 15:53 . 2010-11-20 15:53   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-20 15:53 . 2010-11-20 16:01   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-11-20 15:53 . 2010-11-20 15:53   --------   d-----w-   c:\program files\Symantec
2010-11-20 15:52 . 2010-11-22 04:38   --------   d-----w-   c:\windows\system32\drivers\N360
2010-11-20 15:52 . 2010-11-20 15:52   --------   d-----w-   c:\program files\Norton Security Suite
2010-11-20 15:52 . 2010-11-20 15:52   --------   d-----w-   c:\program files\Windows Sidebar
2010-11-20 15:51 . 2010-11-20 15:51   --------   d-----w-   c:\program files\NortonInstaller
2010-11-20 15:49 . 2010-11-20 15:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2010-11-10 17:33 . 2010-11-10 17:33   --------   d-----w-   c:\documents and settings\Dad & Mom\Application Data\AVG10
2010-11-10 15:13 . 2010-11-10 15:13   --------   d-----w-   c:\documents and settings\Dad & Mom\Local Settings\Application Data\Ahead
2010-11-10 05:38 . 2010-11-10 05:38   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2010-11-10 05:36 . 2010-11-22 04:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG10
2010-11-10 05:11 . 2010-11-10 05:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2010-11-10 04:25 . 2010-11-10 04:28   --------   d-----w-   c:\program files\Common Files\Nero
2010-11-10 04:25 . 2010-11-10 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
2010-11-10 04:25 . 2010-11-10 04:25   --------   d-----w-   c:\program files\Nero
2010-11-10 04:23 . 2004-08-11 08:45   819200   ----a-w-   c:\program files\Windows Media Player\wmsetsdk.exe
2010-11-10 04:23 . 2004-08-11 08:45   47616   ----a-w-   c:\program files\Windows Media Player\msoobci.dll
2010-10-26 21:23 . 2010-10-26 21:23   --------   d-----w-   c:\documents and settings\Dad & Mom\Bluetooth Software
2010-10-26 00:25 . 2010-10-26 00:25   --------   d-----w-   c:\documents and settings\Dad & Mom\Local Settings\Application Data\Adobe
2010-10-25 20:49 . 2008-04-14 12:00   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2010-10-25 20:49 . 2008-04-14 12:00   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:23 . 2009-03-11 12:53   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-11 12:53   974848   ----a-w-   c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-11 12:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-11 12:53   953856   ----a-w-   c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-09-22 04:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2009-12-26 17:00   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-09-09 13:38 . 2009-03-11 12:53   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2009-03-11 12:53   1830912   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2009-03-11 12:53   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2009-03-11 12:52   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2009-03-11 12:53   389120   ----a-w-   c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-03-11 12:52   285824   ----a-w-   c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-11 12:53   1852800   ----a-w-   c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-11 12:53   119808   ----a-w-   c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-11 12:53   99840   ----a-w-   c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-11 12:53   357248   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-28 10:03   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 68856]
"Google Update"="c:\documents and settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-12-27 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll  [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20   57344   ----a-w-   c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18   294544   ----a-w-   c:\program files\Carbonite\CarbonitePreinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-24 10:18   30192   ----a-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00   166424   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54   178712   ----a-w-   c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00   141848   ----a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00   208952   ----a-w-   c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 23:06   1840424   ----a-w-   c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JSIModule]
2010-10-21 21:42   188928   ----a-w-   c:\program files\CrushCalc\jsi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09   875016   ----a-w-   c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00   59392   ----a-w-   c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00   137752   ----a-w-   c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2008-07-30 02:29   200704   ----a-w-   c:\windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-24 07:40   17529856   ----a-w-   c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-26 06:28   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-05 10:32   1430824   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/21/2010 10:57 PM 218592]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/21/2010 9:24 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/21/2010 9:24 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/4/2010 3:02 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/21/2010 9:24 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/21/2010 9:24 PM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [11/21/2010 9:24 PM 126392]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/20/2010 8:57 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101122.004\IDSXpx86.sys [10/19/2010 1:36 PM 341880]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [7/13/2009 11:52 PM 145152]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 10:46 PM 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-22 05:46]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 05:46]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 05:46]

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852255402-1987657003-3825228898-1008Core.job
- c:\documents and settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-21 23:02]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852255402-1987657003-3825228898-1008UA.job
- c:\documents and settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-21 23:02]

2010-11-23 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-11-02 07:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-11-23  16:07:12 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-23 23:07

Pre-Run: 135,404,511,232 bytes free
Post-Run: 135,436,091,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B51F9E3772E69D361BA577E39F34F1BC


**HiJack Log** HERE:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:57 PM, on 11/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad & Mom\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 98.142.243.63 www.google.com
O1 - Hosts: 98.142.243.63 google.com
O1 - Hosts: 98.142.243.63 google.com.au
O1 - Hosts: 98.142.243.63 www.google.com.au
O1 - Hosts: 98.142.243.63 google.be
O1 - Hosts: 98.142.243.63 www.google.be
O1 - Hosts: 98.142.243.63 google.com.br
O1 - Hosts: 98.142.243.63 www.google.com.br
O1 - Hosts: 98.142.243.63 google.ca
O1 - Hosts: 98.142.243.63 www.google.ca
O1 - Hosts: 98.142.243.63 google.ch
O1 - Hosts: 98.142.243.63 www.google.ch
O1 - Hosts: 98.142.243.63 google.de
O1 - Hosts: 98.142.243.63 www.google.de
O1 - Hosts: 98.142.243.63 google.dk
O1 - Hosts: 98.142.243.63 www.google.dk
O1 - Hosts: 98.142.243.63 google.fr
O1 - Hosts: 98.142.243.63 www.google.fr
O1 - Hosts: 98.142.243.63 google.ie
O1 - Hosts: 98.142.243.63 www.google.ie
O1 - Hosts: 98.142.243.63 google.it
O1 - Hosts: 98.142.243.63 www.google.it
O1 - Hosts: 98.142.243.63 google.co.jp
O1 - Hosts: 98.142.243.63 www.google.co.jp
O1 - Hosts: 98.142.243.63 google.nl
O1 - Hosts: 98.142.243.63 www.google.nl
O1 - Hosts: 98.142.243.63 google.no
O1 - Hosts: 98.142.243.63 www.google.no
O1 - Hosts: 98.142.243.63 google.co.nz
O1 - Hosts: 98.142.243.63 www.google.co.nz
O1 - Hosts: 98.142.243.63 google.pl
O1 - Hosts: 98.142.243.63 www.google.pl
O1 - Hosts: 98.142.243.63 google.se
O1 - Hosts: 98.142.243.63 www.google.se
O1 - Hosts: 98.142.243.63 google.co.uk
O1 - Hosts: 98.142.243.63 www.google.co.uk
O1 - Hosts: 98.142.243.63 google.co.za
O1 - Hosts: 98.142.243.63 www.google.co.za
O1 - Hosts: 98.142.243.63 www.google-analytics.com
O1 - Hosts: 98.142.243.63 www.bing.com
O1 - Hosts: 98.142.243.63 search.yahoo.com
O1 - Hosts: 98.142.243.63 www.search.yahoo.com
O1 - Hosts: 98.142.243.63 uk.search.yahoo.com
O1 - Hosts: 98.142.243.63 ca.search.yahoo.com
O1 - Hosts: 98.142.243.63 de.search.yahoo.com
O1 - Hosts: 98.142.243.63 fr.search.yahoo.com
O1 - Hosts: 98.142.243.63 au.search.yahoo.com
O1 - Hosts: 98.142.243.63 www.youtube.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 12243 bytes


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #4 on: November 24, 2010, 04:17:46 AM »
Hiya AD,

You have a mishmash of security programs installed; these need to be addressed or we will have major issues with the OS. From the logs it appears that Norton is your preferred option, therefore AVG and McAfee will need removing. If this is incorrect let me know your preferred setup.

Proceed as follows please :-

Step 1

Download the AVG removal tool from Here and save it to your desktop, then reboot into Safe Mode. Double click on the tool to run it and follow any prompts. Re-boot to Normal mode when finished.

Step 2

Go Here and follow the instructions to completely remove McAfee from your system. Re-boot.

Step 3

Please download OTM by OldTimer.
Alternative Mirror 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users: right click and select Run as Administrator.
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
    [ResetHosts]

    ---------------------------------------------------------------------

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What I'd like in your reply :-

  • Log from OTM
  • Log from Malwarebytes
  • Fresh HJT log
  • System update: improvements? Issues?

Kevin
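
The O1 lines in the HijackThis log above and the [ResetHosts] step in the OTM script are two sides of the same check: the hosts file was rewritten so that every major search engine resolves to one address and security-vendor and payment sites to another, which is why "unusual Internet activity" warnings appeared and updaters failed. The following is an added example written for this thread, not code from OTM, HijackThis or any other tool named here. It parses a hosts file, groups non-loopback mappings by target address so a mass redirect stands out, lists which watched domains were hijacked, and builds replacement content that keeps only loopback/unspecified entries. The sample content is constructed from the log's own O1 lines plus one assumed user blocklist entry (ads.example.net); the watch list and the UTF-16 encoding of the sample are this example's assumptions.

```python
import codecs
import ipaddress
from collections import defaultdict

# Constructed sample: addresses and names taken from the thread's O1 lines,
# plus one assumed legitimate blocklist entry. Encoded as UTF-16 with a BOM,
# which is what the bytes in front of "127.0.0.1 localhost" in the later
# HijackThis log suggest the reset file looked like.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\r\n"
    "::1 localhost\r\n"
    "74.125.45.100 safebrowsing-cache.google.com\r\n"
    "74.125.45.100 urs.microsoft.com\r\n"
    "74.125.45.100 www.getantivirusplusnow.com\r\n"
    "98.142.243.63 www.google.com\r\n"
    "98.142.243.63 google.com\r\n"
    "98.142.243.63 www.bing.com\r\n"
    "98.142.243.63 search.yahoo.com\r\n"
    "98.142.243.63 www.youtube.com\r\n"
    "0.0.0.0 ads.example.net  # assumed user blocklist line\r\n"
).encode("utf-16")

# Names an attacker gains from redirecting: search engines (to swap results)
# and vendor/update hosts (to block cleanup). Assumed watch list, not from
# any tool.
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com", "youtube.com",
    "microsoft.com", "symantec.com", "avg.com", "mcafee.com",
)


def decode_hosts(raw: bytes) -> str:
    """Decode hosts bytes. A UTF-16 BOM (bytes FF FE, which HijackThis prints
    as text in front of the first address) is consumed here instead of
    surviving as junk at the start of the first line."""
    if raw[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_hosts(text: str):
    """Return [(ip, hostname)] in file order, ignoring comments and junk."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # the resolver ignores malformed lines as well
        entries.extend((ip, n.lower()) for n in names)
    return entries


def is_local(ip) -> bool:
    return ip.is_loopback or ip.is_unspecified


def suspicious_mappings(raw: bytes) -> dict:
    """{target_ip: sorted hostnames} for every entry that points a name at a
    real address. Grouping by target is the tell: many unrelated search and
    vendor names on one IP, as in the log above."""
    groups = defaultdict(set)
    for ip, name in parse_hosts(decode_hosts(raw)):
        if not is_local(ip):
            groups[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in groups.items()}


def watched_hits(raw: bytes) -> list:
    """Sorted redirected names that fall under a watched domain."""
    hits = set()
    for names in suspicious_mappings(raw).values():
        for n in names:
            if any(n == s or n.endswith("." + s) for s in WATCHED_SUFFIXES):
                hits.add(n)
    return sorted(hits)


def rebuild_hosts(raw: bytes) -> str:
    """Replacement hosts text: the two localhost lines first, then only the
    entries that already pointed at loopback/unspecified (a user's own
    blocklist). Every redirect to a real address is dropped. Write it back
    as plain ANSI text with CRLF line endings, not UTF-16."""
    kept = [(ip, n) for ip, n in parse_hosts(decode_hosts(raw))
            if is_local(ip) and n != "localhost"]
    lines = ["127.0.0.1\tlocalhost", "::1\tlocalhost"]
    lines += [f"{ip}\t{n}" for ip, n in kept]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    for target, names in suspicious_mappings(SAMPLE_HOSTS).items():
        print(f"{target}: {len(names)} names, e.g. {names[:3]}")
    print("watched names redirected:", watched_hits(SAMPLE_HOSTS))
    print(rebuild_hosts(SAMPLE_HOSTS), end="")
```

On a live XP machine the file is C:\WINDOWS\system32\drivers\etc\hosts; read it as bytes so the BOM check above applies, and note that a replacement file written as UTF-16 is itself a defect worth checking for after any reset tool has run.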


Offline Acer Daddy

  • Bronze Member
  • 43
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #5 on: November 24, 2010, 08:57:52 AM »
Kevin:

Do you have a link to help me get a tool from Reimage Repair to uninstall their product?  I was hijacked yesterday when I tried to download ComboFix (I think) and Reimage loaded and ran.  It seems to be a virus tool so I want to remove it as well. 

Also the AVG removal threw a lot of path errors, so I am not sure how well it worked; see below for a few examples:

2010-11-24 14:27:15,328 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2010-11-24 14:27:15,328 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2010-11-24 14:27:15,328 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-11-24 14:27:15,328 WARN AvgDir param empty.

McAfee uninstall seemed to run ok but it would not let me open the log to double check.

If you can shoot me an uninstall for Reimage Repair I will continue and follow all of your requests from this morning.

Thanks!  AD


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #6 on: November 24, 2010, 02:03:02 PM »
Hiya AD,

As far as I'm aware Reimage Repair is a genuine application and should be uninstalled via Add/Remove Programs. Please complete steps 3 & 4 from my last reply. Next run DDS and post the two logs it produces. I'll remove any remnants from AVG, McAfee and Reimage Repair for you when I see the requested logs.

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.   
  • When done, DDS will open two (2) logs

         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

 
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control HERE

What I'd like in your reply :-

  • Log from OTM
  • Log from Malwarebytes
  • Both logs from DDS

Kevin


Offline Acer Daddy

  • Bronze Member
  • 43
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #7 on: November 24, 2010, 09:18:34 PM »
The following contains logs from:  OTM, Malwarebytes, HJT, DDS.txt, Attach.txt

I will add search headers for each file so you can find the beginning, they will be:

**OTM**  **Malwarebytes**  **HJT**  **DDS.TXT** **Attach.txt**


Thanks!

Acer Daddy


**OTM**


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dad & Mom\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dad & Mom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 531 bytes
 
User: All Users
 
User: Ben Nuanes
 
User: Dad & Mom
->Temp folder emptied: 541516 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 47939727 bytes
->Flash cache emptied: 37621 bytes
 
User: Default User
->Temp folder emptied: 61341689 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2623320 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 21718 bytes
 
Total Files Cleaned = 107.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTM by OldTimer - Version 3.1.17.2 log created on 11242010_101425

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_6c8.dat not found!

Registry entries deleted on Reboot...


**Malwarebytes**


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5185

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/24/2010 8:01:38 PM
mbam-log-2010-11-24 (20-01-38).txt

Scan type: Quick scan
Objects scanned: 149915
Time elapsed: 8 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**HJT**

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:08 PM, on 11/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Dad & Mom\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: ˙ž127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 8980 bytes

**DDS.TXT**

DDS (Ver_10-11-10.01) - NTFSx86 
Run by Dad & Mom at 20:05:48.82 on Wed 11/24/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.551 [GMT -7:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated)   {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled*   {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: AVG Firewall *disabled*   {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad & Mom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Dad & Mom\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\dad & mom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-21 218592]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-21 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-4 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-21 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-21 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-11-21 126392]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-20 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101123.001\IDSXpx86.sys [2010-10-19 341880]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-7-13 145152]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-11 30192]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101124.032\NAVENG.SYS [2010-11-24 86064]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101124.032\NAVEX15.SYS [2010-11-24 1371184]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-11-25 02:49:36   --------   d-----w-   c:\docume~1\dad&mo~1\applic~1\Malwarebytes
2010-11-25 02:49:25   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 02:49:24   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-25 02:49:23   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-11-25 02:49:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-11-24 17:14:25   --------   d-----w-   C:\_OTM
2010-11-23 22:54:30   --------   d-sha-r-   C:\cmdcons
2010-11-23 22:52:44   98816   ----a-w-   c:\windows\sed.exe
2010-11-23 22:52:44   89088   ----a-w-   c:\windows\MBR.exe
2010-11-23 22:52:44   256512   ----a-w-   c:\windows\PEV.exe
2010-11-23 22:52:44   161792   ----a-w-   c:\windows\SWREG.exe
2010-11-22 05:57:52   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-11-22 05:57:49   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-22 05:57:49   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-11-22 05:57:43   63360   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-11-22 05:57:03   --------   d-----w-   c:\program files\Spyware Doctor
2010-11-22 05:57:03   --------   d-----w-   c:\program files\common files\PC Tools
2010-11-22 05:57:03   --------   d-----w-   c:\docume~1\dad&mo~1\applic~1\PC Tools
2010-11-22 05:57:03   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
2010-11-22 04:24:19   361904   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2010-11-22 04:24:19   339504   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-11-22 04:24:19   328752   ----a-r-   c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-11-22 04:24:19   173104   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-11-22 04:24:18   501888   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-11-22 04:24:18   43696   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-11-22 04:24:18   325680   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-11-22 04:24:18   116784   ----a-w-   c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-11-22 04:23:54   --------   d-----w-   c:\windows\system32\drivers\n360\0403000.005
2010-11-21 06:20:11   --------   d-----w-   c:\docume~1\dad&mo~1\locals~1\applic~1\Temp
2010-11-20 15:53:50   26600   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-20 15:53:50   107368   ----a-r-   c:\windows\system32\GEARAspi.dll
2010-11-20 15:53:38   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2010-11-20 15:53:38   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-20 15:53:37   --------   d-----w-   c:\program files\Symantec
2010-11-20 15:53:37   --------   d-----w-   c:\program files\common files\Symantec Shared
2010-11-20 15:52:27   --------   d-----w-   c:\windows\system32\drivers\N360
2010-11-20 15:52:24   --------   d-----w-   c:\program files\Norton Security Suite
2010-11-20 15:51:58   --------   d-----w-   c:\program files\NortonInstaller
2010-11-20 15:51:58   --------   d-----w-   c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-11-20 15:49:58   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Norton
2010-11-10 17:33:52   --------   d-----w-   c:\docume~1\dad&mo~1\applic~1\AVG10
2010-11-10 15:13:50   --------   d-----w-   c:\docume~1\dad&mo~1\locals~1\applic~1\Ahead
2010-11-10 05:38:10   --------   d--h--w-   c:\docume~1\alluse~1\applic~1\Common Files
2010-11-10 05:36:29   --------   d-----w-   c:\docume~1\alluse~1\applic~1\AVG10
2010-11-10 05:11:44   --------   d-----w-   c:\docume~1\alluse~1\applic~1\MFAData
2010-11-10 04:25:15   --------   d-----w-   c:\program files\Nero
2010-11-10 04:25:15   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Nero
2010-11-10 04:23:57   819200   ----a-w-   c:\program files\windows media player\wmsetsdk.exe
2010-11-10 04:23:57   47616   ----a-w-   c:\program files\windows media player\msoobci.dll
2010-11-10 04:23:37   --------   d-----w-   c:\windows\RegisteredPackages
2010-10-26 21:23:42   --------   d-----w-   c:\documents and settings\dad & mom\Bluetooth Software

==================== Find3M  ====================

2010-09-18 18:23:26   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25   974848   ----a-w-   c:\windows\system32\mfc42.dll
2010-09-18 06:53:25   954368   ----a-w-   c:\windows\system32\mfc40.dll
2010-09-18 06:53:25   953856   ----a-w-   c:\windows\system32\mfc40u.dll
2010-09-15 11:50:37   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 09:29:49   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-09-09 13:38:01   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-09-09 13:38:01   1830912   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-09-09 13:38:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-09-08 15:57:57   389120   ----a-w-   c:\windows\system32\html.iec
2010-09-01 11:51:14   285824   ----a-w-   c:\windows\system32\atmfd.dll
2010-08-31 13:42:52   1852800   ----a-w-   c:\windows\system32\win32k.sys
2010-08-27 08:02:29   119808   ----a-w-   c:\windows\system32\t2embed.dll
2010-08-27 05:57:43   99840   ----a-w-   c:\windows\system32\srvsvc.dll

============= FINISH: 20:06:43.78 ===============

**Attach.txt**

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2009 11:27:10 PM
System Uptime: 11/24/2010 8:03:13 PM (0 hours ago)

Motherboard: Acer |  | Aspire one     
Processor:          Intel(R) Atom(TM) CPU N270   @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 126.25 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP32: 8/23/2010 1:43:42 PM - System Checkpoint
RP33: 9/21/2010 3:37:05 AM - Software Distribution Service 3.0
RP34: 9/21/2010 7:53:37 PM - Software Distribution Service 3.0
RP35: 9/21/2010 9:38:57 PM - Software Distribution Service 3.0
RP36: 9/21/2010 10:11:53 PM - Installed Java(TM) 6 Update 21
RP37: 9/21/2010 10:18:02 PM - Software Distribution Service 3.0
RP38: 9/24/2010 5:27:09 PM - System Checkpoint
RP39: 9/24/2010 10:48:25 PM - Software Distribution Service 3.0
RP40: 9/28/2010 2:26:27 PM - System Checkpoint
RP41: 9/30/2010 6:35:29 AM - Software Distribution Service 3.0
RP42: 10/1/2010 6:05:04 PM - System Checkpoint
RP43: 10/7/2010 11:51:20 AM - Software Distribution Service 3.0
RP44: 10/9/2010 10:09:57 AM - Software Distribution Service 3.0
RP45: 10/10/2010 7:10:54 PM - System Checkpoint
RP46: 10/13/2010 6:44:04 AM - Software Distribution Service 3.0
RP47: 10/14/2010 6:55:11 AM - System Checkpoint
RP48: 10/16/2010 9:28:00 AM - System Checkpoint
RP49: 10/23/2010 9:06:08 PM - System Checkpoint
RP50: 10/25/2010 7:29:31 PM - System Checkpoint
RP51: 11/9/2010 7:38:57 PM - Installed 32 Bit HP CIO Components Installer
RP52: 11/9/2010 7:39:06 PM - Removed 32 Bit HP CIO Components Installer
RP53: 11/9/2010 9:20:00 PM - Installed DirectX
RP54: 11/9/2010 9:25:02 PM - Installed Nero 8 Essentials
RP55: 11/9/2010 9:44:10 PM - Installed Java(TM) 6 Update 22
RP56: 11/9/2010 10:02:49 PM - Installed DriverBoost.
RP57: 11/9/2010 10:35:42 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP58: 11/9/2010 10:35:53 PM - Installed AVG 2011
RP59: 11/9/2010 10:39:28 PM - Installed AVG 2011
RP60: 11/9/2010 10:39:34 PM - Removed AVG 2011
RP61: 11/9/2010 10:44:02 PM - Software Distribution Service 3.0
RP62: 11/10/2010 8:21:02 AM - Installed AVG 2011
RP63: 11/10/2010 8:25:09 AM - Installed AVG 2011
RP64: 11/10/2010 8:25:17 AM - Removed AVG 2011
RP65: 11/10/2010 8:50:16 AM - Installed AVG 2011
RP66: 11/10/2010 8:53:02 AM - Installed AVG 2011
RP67: 11/10/2010 8:53:09 AM - Removed AVG 2011
RP68: 11/10/2010 9:29:01 AM - Installed AVG 2011
RP69: 11/10/2010 9:31:11 AM - Installed AVG 2011
RP70: 11/10/2010 9:31:17 AM - Removed AVG 2011
RP71: 11/17/2010 6:57:04 PM - Software Distribution Service 3.0
RP72: 11/20/2010 11:47:40 AM - System Checkpoint
RP73: 11/20/2010 9:28:10 PM - Removed DriverBoost.
RP74: 11/20/2010 9:33:08 PM - Removed AVG 2011
RP75: 11/20/2010 9:40:51 PM - Removed AVG 2011
RP76: 11/20/2010 9:49:20 PM - Removed AVG 2011
RP77: 11/20/2010 9:55:05 PM - Removed AVG 2011
RP78: 11/20/2010 10:06:19 PM - Removed AVG 2011
RP79: 11/21/2010 9:19:03 PM - Installed AVG 2011
RP80: 11/21/2010 9:23:32 PM - Installed AVG 2011
RP81: 11/21/2010 9:23:39 PM - Removed AVG 2011
RP82: 11/21/2010 10:06:58 PM - Removed Skype™ 4.2
RP83: 11/21/2010 10:07:41 PM - Removed Skype Toolbars

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer ScreenSaver
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
C:\Program Files\Acer GameZone\GameConsole
Carbonite Online Backup Setup
CCleaner
Choice Guard
Cisco Connect
Compatibility Pack for the 2007 Office system
eSobi v2
GamesBar 2.0.1.12
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Smart Web Printing
HP Update
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Norton Security Suite
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SmartWebPrinting
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
VCRedistSetup
WebCam
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime

==== Event Viewer Messages From Past Week ========

11/24/2010 8:04:15 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
11/24/2010 8:04:01 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  amdagp
11/24/2010 7:31:10 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
11/24/2010 10:14:25 AM, error: Service Control Manager [7034]  - The Raw Socket Service service terminated unexpectedly.  It has done this 1 time(s).
11/24/2010 10:14:25 AM, error: Service Control Manager [7034]  - The IviRegMgr service terminated unexpectedly.  It has done this 1 time(s).
11/24/2010 10:14:25 AM, error: Service Control Manager [7034]  - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
11/24/2010 10:14:25 AM, error: Service Control Manager [7031]  - The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/23/2010 3:36:20 PM, error: Service Control Manager [7000]  - The cpuz132 service failed to start due to the following error:  The system cannot find the path specified.
11/21/2010 9:36:20 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON Tcpip
11/21/2010 9:36:20 PM, error: Service Control Manager [7003]  - The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver
11/21/2010 9:36:20 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
11/21/2010 9:36:20 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/21/2010 9:36:20 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/21/2010 9:36:20 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
11/21/2010 9:35:17 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/21/2010 9:34:58 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/21/2010 10:07:04 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
11/20/2010 11:15:59 PM, error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  The system cannot find the path specified.
11/20/2010 11:15:59 PM, error: Service Control Manager [7000]  - The McAfee Real-time Scanner service failed to start due to the following error:  The system cannot find the path specified.
11/20/2010 11:15:59 PM, error: Service Control Manager [7000]  - The McAfee Personal Firewall Service service failed to start due to the following error:  The system cannot find the path specified.
11/20/2010 11:15:59 PM, error: Service Control Manager [7000]  - The McAfee Network Agent service failed to start due to the following error:  The system cannot find the path specified.
11/20/2010 10:28:25 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/20/2010 10:24:12 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/20/2010 10:12:09 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx86 Avgmfx86 BHDrvx86 ccHP eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
11/20/2010 10:09:02 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
11/20/2010 10:09:02 PM, error: Service Control Manager [7000]  - The AVG WatchDog service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================




*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #8 on: November 25, 2010, 03:58:04 AM »
Hiya AD,

Proceed as follows please :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it: **Note the scroll bar, make sure you copy them all**

Code:

KillAll::
Folder::
c:\program files\Reimage
c:\documents and settings\Dad & Mom\Application Data\AVG10
c:\documents and settings\All Users\Application Data\AVG10
File::
c:\windows\system32\drivers\avgfwdx.sys
DirLook::
C:\rei
Driver::
Avgfwfd
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

Post the logs from Combofix and ESET in your reply, also any remaining issues/concerns.

Kevin
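
A helper reading the log that comes back from this step checks that every item the CFScript asked for actually appears as removed in ComboFix.txt. As an added example (not part of this thread and not ComboFix's own code), the Python below parses the CFScript layout shown above and the ComboFix.txt section banners, then reports which requested items are confirmed removed and which are not; the section names, the `-------\Service_<name>` line form and the sample inputs come from the thread, while the parsing rules are assumptions based only on what the thread shows.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt log it produced.

Added example; not ComboFix's own code. Assumed from the thread only: a
CFScript is a series of "Name::" headers each followed by one entry per line;
ComboFix.txt lists removed paths under its "Other Deletions" banner and removed
services under "Drivers/Services" as "-------\\Service_<name>"."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")            # e.g. "Folder::"
BANNER_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # "(((( Title ))))"

# Constructed from the CFScript posted in the thread (RegLock list omitted).
SAMPLE_CFSCRIPT = r"""
KillAll::
Folder::
c:\program files\Reimage
c:\documents and settings\Dad & Mom\Application Data\AVG10
c:\documents and settings\All Users\Application Data\AVG10
File::
c:\windows\system32\drivers\avgfwdx.sys
DirLook::
C:\rei
Driver::
Avgfwfd
"""

# Constructed excerpt of the ComboFix.txt posted in reply to that script.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AVG10
c:\documents and settings\All Users\Application Data\AVG10\Cfg\krnl.cfg
c:\documents and settings\Dad & Mom\Application Data\AVG10
c:\documents and settings\Dad & Mom\Application Data\AVG10\cfgall\usergui.cfg
c:\windows\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwfd
"""


def parse_cfscript(text):
    """Return {section: [entries]} in script order; a bare header maps to []."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {banner title: [body lines]}; '.' spacer lines and blanks are dropped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify_cleanup(cfscript, log):
    """Map each Folder::/File::/Driver:: entry to True if the log confirms removal."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = {s.lower() for s in log.get("Drivers/Services", [])}
    status = {}
    for section in ("Folder", "File"):
        for entry in cfscript.get(section, []):
            status[entry] = entry.lower() in deleted      # case-insensitive paths
    for name in cfscript.get("Driver", []):
        status[name] = ("-------\\service_" + name.lower()) in services
    return status


def unconfirmed(status):
    """Requested entries the log does not show as removed (absent or not deleted)."""
    return [entry for entry, ok in status.items() if not ok]


def unrequested_deletions(cfscript, log):
    """Deleted paths that are neither a File:: entry nor inside a Folder:: entry."""
    folders = [f.lower().rstrip("\\") for f in cfscript.get("Folder", [])]
    files = {f.lower() for f in cfscript.get("File", [])}
    extras = []
    for path in log.get("Other Deletions", []):
        p = path.lower()
        if p in files or any(p == d or p.startswith(d + "\\") for d in folders):
            continue
        extras.append(path)
    return extras
```

On the sample input the only unconfirmed item is the Reimage folder, which the log never lists, so a helper would ask whether it still exists rather than assume it was removed.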

*

Offline Acer Daddy

  • Bronze Member
  • 43
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #9 on: November 26, 2010, 11:58:57 PM »
I think we are really getting somewhere.  ESET found 43 infected files.  Acer Daddy

New ComboFix & ESETScan



Found by **ComboFix** & **ESETScan**

**ComboFix**

ComboFix 10-11-24.04 - Dad & Mom 11/25/2010   6:20.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.555 [GMT -7:00]
Running from: c:\documents and settings\Dad & Mom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dad & Mom\Desktop\CFScript.txt
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 * Created a new restore point

FILE ::
"c:\windows\system32\drivers\avgfwdx.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AVG10
c:\documents and settings\All Users\Application Data\AVG10\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\AVG10\cfgall\fw.cfg
c:\documents and settings\All Users\Application Data\AVG10\Chjw\eeda99bdda99830f.dat
c:\documents and settings\All Users\Application Data\AVG10\Chjw\eeda99bdda99830f\avgcchff.dat
c:\documents and settings\All Users\Application Data\AVG10\Chjw\eeda99bdda99830f\avgcchfi.dat
c:\documents and settings\All Users\Application Data\AVG10\Chjw\eeda99bdda99830f\avgcchmf.dat
c:\documents and settings\All Users\Application Data\AVG10\Chjw\eeda99bdda99830f\avgcchmi.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\analyzerConfig.xml
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\globalConfig.xml
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip.bak
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\registryCoverage.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\Relationships.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\userList.zip
c:\documents and settings\All Users\Application Data\AVG10\IDS\config\userList.zip.bak
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\downloads.xml
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\messages.xml
c:\documents and settings\All Users\Application Data\AVG10\IDS\log\AVGIDSAgent.log
c:\documents and settings\All Users\Application Data\AVG10\IDS\log\AVGIDSAgent_boot.log
c:\documents and settings\All Users\Application Data\AVG10\IDS\log\AVGIDSAgent_graph.log
c:\documents and settings\All Users\Application Data\AVG10\IDS\log\AVGIDSAgent_malware.log
c:\documents and settings\All Users\Application Data\AVG10\IDS\log\AVGIDSAgent_node.log
c:\documents and settings\All Users\Application Data\AVG10\IDS\log\AVGIDSAgent_removed.log
c:\documents and settings\All Users\Application Data\AVG10\IDS\malwareprofile\nodes.dat
c:\documents and settings\All Users\Application Data\AVG10\IDS\profile\globalLoadable.gdb
c:\documents and settings\All Users\Application Data\AVG10\log\avgcfg.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjw.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgfw.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgfw.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgldr.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgtdi.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\commonpriv.log
c:\documents and settings\All Users\Application Data\AVG10\log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\fwstats_2010_11_22_04_21_41.fwstats
c:\documents and settings\All Users\Application Data\AVG10\log\fwstats_2010_11_22_04_23_16.fwstats
c:\documents and settings\All Users\Application Data\AVG10\log\IDP\log\avgfws_idp_SYSTEM.log
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\AlertMgx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\AntiRkx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\Antivirx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\Avgx86.msi
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\AVIsx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\basex.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\COREx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\COREx86.msi
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\Emailsx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\GUIx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\idatx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\IDPx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\lng_usx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\OnlnScx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\ResShldx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\SrchSrfx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\SSHttpBx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\TDIDrvx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\TuneUpx.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\Update2x.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\Updatex.cab
c:\documents and settings\All Users\Application Data\AVG10\SetupBackup\xplx.cab
c:\documents and settings\Dad & Mom\Application Data\AVG10
c:\documents and settings\Dad & Mom\Application Data\AVG10\cfgall\usergui.cfg
c:\windows\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwfd


(((((((((((((((((((((((((   Files Created from 2010-10-25 to 2010-11-25  )))))))))))))))))))))))))))))))
.

2010-11-25 02:49 . 2010-11-25 02:49   --------   d-----w-   c:\documents and settings\Dad & Mom\Application Data\Malwarebytes
2010-11-25 02:49 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 02:49 . 2010-11-25 02:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-25 02:49 . 2010-11-25 02:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-11-25 02:49 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-11-24 17:14 . 2010-11-24 17:14   --------   d-----w-   C:\_OTM
2010-11-22 05:57 . 2010-02-05 16:17   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-11-22 05:57 . 2010-03-29 17:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-11-22 05:57 . 2009-11-23 20:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-22 05:57 . 2010-04-08 21:29   63360   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\program files\Spyware Doctor
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\documents and settings\Dad & Mom\Application Data\PC Tools
2010-11-22 05:57 . 2010-11-22 05:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2010-11-22 05:46 . 2010-11-23 20:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-11-22 05:05 . 2010-11-22 05:06   --------   d-----w-   c:\documents and settings\Dad & Mom\Application Data\Skype
2010-11-21 06:20 . 2010-11-21 06:23   --------   d-----w-   c:\documents and settings\Dad & Mom\Local Settings\Application Data\Temp
2010-11-21 05:10 . 2010-11-21 05:10   --------   d-----w-   c:\documents and settings\Administrator
2010-11-20 15:53 . 2009-05-18 22:17   26600   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-20 15:53 . 2008-04-17 21:12   107368   ----a-r-   c:\windows\system32\GEARAspi.dll
2010-11-20 15:53 . 2010-11-20 15:53   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2010-11-20 15:53 . 2010-11-20 15:53   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-20 15:53 . 2010-11-20 16:01   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-11-20 15:53 . 2010-11-20 15:53   --------   d-----w-   c:\program files\Symantec
2010-11-20 15:52 . 2010-11-22 04:38   --------   d-----w-   c:\windows\system32\drivers\N360
2010-11-20 15:52 . 2010-11-20 15:52   --------   d-----w-   c:\program files\Norton Security Suite
2010-11-20 15:52 . 2010-11-20 15:52   --------   d-----w-   c:\program files\Windows Sidebar
2010-11-20 15:51 . 2010-11-20 15:51   --------   d-----w-   c:\program files\NortonInstaller
2010-11-20 15:49 . 2010-11-20 15:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2010-11-10 15:13 . 2010-11-10 15:13   --------   d-----w-   c:\documents and settings\Dad & Mom\Local Settings\Application Data\Ahead
2010-11-10 05:38 . 2010-11-10 05:38   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2010-11-10 05:11 . 2010-11-10 05:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2010-11-10 04:25 . 2010-11-10 04:28   --------   d-----w-   c:\program files\Common Files\Nero
2010-11-10 04:25 . 2010-11-10 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
2010-11-10 04:25 . 2010-11-10 04:25   --------   d-----w-   c:\program files\Nero
2010-11-10 04:23 . 2004-08-11 08:45   819200   ----a-w-   c:\program files\Windows Media Player\wmsetsdk.exe
2010-11-10 04:23 . 2004-08-11 08:45   47616   ----a-w-   c:\program files\Windows Media Player\msoobci.dll
2010-10-26 21:23 . 2010-10-26 21:23   --------   d-----w-   c:\documents and settings\Dad & Mom\Bluetooth Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:23 . 2009-03-11 12:53   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-11 12:53   974848   ----a-w-   c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-11 12:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-11 12:53   953856   ----a-w-   c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-09-22 04:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2009-12-26 17:00   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-09-09 13:38 . 2009-03-11 12:53   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2009-03-11 12:53   1830912   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2009-03-11 12:53   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2009-03-11 12:52   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2009-03-11 12:53   389120   ----a-w-   c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-03-11 12:52   285824   ----a-w-   c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-11 12:53   1852800   ----a-w-   c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\rei ----



(((((((((((((((((((((((((((((   SnapShot@2010-11-23_23.04.06   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-25 13:33 . 2010-11-25 13:33   16384              c:\windows\Temp\Perflib_Perfdata_6c8.dat
+ 2009-03-11 12:53 . 2010-11-25 03:07   68788              c:\windows\system32\perfc009.dat
- 2009-03-11 12:53 . 2010-11-23 20:26   68788              c:\windows\system32\perfc009.dat
+ 2009-03-11 12:53 . 2010-11-25 03:07   434834              c:\windows\system32\perfh009.dat
- 2009-03-11 12:53 . 2010-11-23 20:26   434834              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 68856]
"Google Update"="c:\documents and settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-12-27 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll  [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20   57344   ----a-w-   c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18   294544   ----a-w-   c:\program files\Carbonite\CarbonitePreinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-24 10:18   30192   ----a-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00   166424   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54   178712   ----a-w-   c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00   141848   ----a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00   208952   ----a-w-   c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 23:06   1840424   ----a-w-   c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JSIModule]
2010-10-21 21:42   188928   ----a-w-   c:\program files\CrushCalc\jsi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09   875016   ----a-w-   c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00   59392   ----a-w-   c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00   137752   ----a-w-   c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2008-07-30 02:29   200704   ----a-w-   c:\windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-24 07:40   17529856   ----a-w-   c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-26 06:28   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-05 10:32   1430824   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/21/2010 10:57 PM 218592]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/21/2010 9:24 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/21/2010 9:24 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/4/2010 3:02 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/21/2010 9:24 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/21/2010 9:24 PM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [11/21/2010 9:24 PM 126392]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/20/2010 8:57 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101124.002\IDSXpx86.sys [10/19/2010 1:36 PM 341880]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [7/13/2009 11:52 PM 145152]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 10:46 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-11-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-22 05:46]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 05:46]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 05:46]

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852255402-1987657003-3825228898-1008Core.job
- c:\documents and settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-21 23:02]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852255402-1987657003-3825228898-1008UA.job
- c:\documents and settings\Dad & Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-21 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 06:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-25  06:50:06 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-25 13:49
ComboFix2.txt  2010-11-23 23:07

Pre-Run: 135,523,020,800 bytes free
Post-Run: 135,494,135,808 bytes free

- - End Of File - - D92C741E611EBB69E312241A5DD51A2B


**ESETScan**

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\aa5c20\3336.mof.vir   Win32/RogueAV.A trojan
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir   a variant of Win32/Toolbar.MyWebSearch.M application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP49\A0010608.exe   a variant of Win32/Injector.DJK trojan
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015428.dll   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015429.dll   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015430.scr   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015433.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015434.DLL   Win32/Adware.FunWeb application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015435.DLL   Win32/Adware.FunWeb application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015436.DLL   Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015437.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015438.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015439.DLL   Win32/Adware.FunWeb application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015440.SCR   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015441.DLL   Win32/Toolbar.MyWebSearch.D application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015442.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015443.EXE   Win32/Adware.FunWeb application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015446.DLL   Win32/Toolbar.MyWebSearch.H application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015447.DLL   a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015449.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015451.EXE   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015453.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015454.DLL   Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015455.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015457.EXE   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015458.EXE   Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015459.EXE   Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015460.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015461.EXE   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015462.DLL   Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015463.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015464.EXE   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015465.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015466.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015480.DLL   Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015481.DLL   Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015482.DLL   a variant of Win32/Toolbar.MyWebSearch.K application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP72\A0015483.DLL   Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP77\A0015768.dll   a variant of Win32/Toolbar.MyWebSearch.K application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP83\A0016678.mof   Win32/RogueAV.A trojan
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP83\A0016686.DLL   a variant of Win32/Toolbar.MyWebSearch.M application
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP83\A0016687.DLL   Win32/Toolbar.MyWebSearch application


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #10 on: November 27, 2010, 03:29:24 AM »
Hiya AD,

Yep, ESET has highlighted a lot of entries for us. 3 are in Qoobox (Combofix quarantine) and the rest are in system restore. All of those will be dealt with as we do our clean up.

As follows please:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Step 3

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. The uninstall will happen very quickly, re-boot only if requested.

Step 4

Download and scan with CCleaner

1. Use either one of the two free links below the Premium version.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Let me know if the above steps complete OK, especially the Combofix /Uninstall command. <--- Very important because of the extra functions that are also completed

Kevin
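As an added example (not from this thread, ComboFix, ESET or any other tool used here), the following Python triage reads ESET result lines in the "path, run of spaces, verdict" layout posted above and sorts hits into ComboFix quarantine, System Restore copies, and anything still live, which is the distinction Kevin draws before the clean-up. The sample lines, the `User` profile path and the `Win32/Placeholder.A` hit are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample in the "<path>   <detection>" layout of the ESETScan output above.
SAMPLE_LOG = """\
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\All Users\\Application Data\\aa5c20\\3336.mof.vir   Win32/RogueAV.A trojan
C:\\Qoobox\\Quarantine\\C\\Program Files\\FunWebProducts\\Installr\\1.bin\\F3PLUGIN.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\\System Volume Information\\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\\RP49\\A0010608.exe   a variant of Win32/Injector.DJK trojan
C:\\System Volume Information\\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\\RP72\\A0015428.dll   Win32/Toolbar.MyWebSearch application
C:\\Documents and Settings\\User\\Local Settings\\Temp\\sample.exe   Win32/Placeholder.A trojan
"""

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"           # ComboFix quarantine
RESTORE_MARKER = "\\system volume information\\_restore"  # System Restore points

def parse_line(line):
    """Split one result line into (path, detection); None for blank/odd lines."""
    # ESET prints the path, a run of spaces, then the verdict; paths only hold single spaces.
    parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
    return tuple(parts) if len(parts) == 2 else None

def family(detection):
    """'a variant of Win32/Toolbar.MyWebSearch.M application' -> 'Win32/Toolbar.MyWebSearch'."""
    name = detection.replace("a variant of ", "").rsplit(" ", 1)[0]
    return re.sub(r"\.[A-Z]+$", "", name)  # drop the upper-case variant suffix

def classify(path):
    """Where the hit lives decides whether the clean-up steps already cover it."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"    # neutralised; goes away with Combofix /Uninstall
    if RESTORE_MARKER in p:
        return "restore_point"  # inert copy; cleared when System Restore is reset
    return "live"               # still on the running system: needs action

def triage(log_text):
    """Count hits per location and per malware family; list live paths."""
    counts, families, live = Counter(), Counter(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, detection = parsed
        where = classify(path)
        counts[where] += 1
        families[family(detection)] += 1
        if where == "live":
            live.append(path)
    return {"counts": counts, "families": families, "live": live}
```

Run `triage(SAMPLE_LOG)` on a real ESET log to get the same per-location counts Kevin gives by hand, plus the family tally that shows one toolbar bundle behind most of the hits.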

Offline Acer Daddy

  • Bronze Member
  • 43
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #11 on: November 27, 2010, 08:34:34 AM »
All procedures complete.  I also ran the Registry Fix part of the Ccleaner.  I hope that was ok although I made a back up if it was not.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #12 on: November 27, 2010, 08:38:44 AM »
Hiya AD,

How is your system responding now, any issues?

Kevin

Offline Acer Daddy

  • Bronze Member
  • 43
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #13 on: November 27, 2010, 01:47:48 PM »
I will give it a test drive tonight.  I have kept it in a "time-out" since we started this process.  I will reactivate Norton and give it a whirl.  BTW, I had Norton disabled and it just flagged and quarantined two trojans.  AD

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved] Unable to update virus or any other software on Acer
« Reply #14 on: November 27, 2010, 01:58:14 PM »
Can you post the log from Norton, or give info on the trojans, e.g. location?