HiJack this help please
Comments
-
Try to uninstall spybot
-
Reboot and shut it down manually
Wait a minute and boot up again
Please use terminology so we know exactly what you're referring to. You're stating it freezes on every webpage? Is that Internet Explorer? Which programs are 'not responding'?
-
Sorry I've been away and thank you for taking over alienRIK!
-
Reboot and shut it down manually
Wait a minute and boot up again
Please use terminology so we know exactly what you're referring to. You're stating it freezes on every webpage? Is that Internet Explorer? Which programs are 'not responding'?
I've done that. I'm using Firefox not IE - Freezing on every page refers to: a) going on to this site - from forum - freeze - to techie - freeze - then I get 'not responding' have to wait for ages, and then either just close the webpage and start again - which takes 30+ seconds to reload Firefox - then 30 seconds to find page and so on.
Bern
-
If it doesn't do the same thing in IE, backup your bookmarks and reinstall firefox!!
-
Use internet explorer until firefox is working proper again (May be fine after closeds advice)
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
-
combofix log - I've removed Avira - which doesn't run with Vista anyway but it is still showing on this - but it isn't on system any longer. I've uninstalled it, and then deleted it from C: so it isn't there. On IE at mo - which is slow but not freezing...
Bern
-
The rest of the log please
-
sorry - didn't realise it was on 2 different pages.....
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe [2010-3-19 220768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\Drivers\L6TPortB.sys [2008-11-06 530560]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-07-26 95568]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2010-03-19 31856]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-07 17:10]
.
.
Supplementary Scan
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
AddRemove-AntiVir PersonalEdition Classic - c:\program files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files\Uniblue\RegistryBooster\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 15:04
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(5056)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\program files\Gizmo\ghook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
Completion time: 2010-10-03 15:31:27
ComboFix-quarantined-files.txt 2010-10-03 14:30
Pre-Run: 35,753,533,440 bytes free
Post-Run: 35,858,907,136 bytes free
- - End Of File - - 6E89BB858308AB8C184C575CC7F85A1A
Bern :j
This discussion has been closed.