Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Security Suite
Hi, I am having trouble with a malware program called Security Suite. I am running Windows Vista on an Acer laptop. Any help would be great.
#2
Hello KFuhr and welcome to CTH

Download CCleaner: Here
Click on -> "Download Latest Version"
Once installed, run CCleaner, click the Windows tab and select the following:
Internet Explorer: Temp Internet History, Recently Typed URLs, Delete Index.dat files
System: Empty Recycle Bin, Temporary Files, Memory Dumps, Chkdsk File Fragments
Then click Run Cleaner (bottom right), then Exit.

Please download Malwarebytes' Anti-Malware: Here to your desktop.
Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the Malwarebytes log, along with the DDS log files:
Please download DDS: Here to your Desktop and double-click on DDS.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.
When the scan has finished, two logs will open. Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
#3
OK, got the scans run. Here is the one from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4449

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

8/19/2010 11:29:20 AM
mbam-log-2010-08-19 (11-29-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 232002
Time elapsed: 1 hour(s), 3 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\User\AppData\Local\jaapceucb\bjlicwxshdw.exe (Trojan.FakeAlert.Gen) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ihgfubnb (Trojan.FakeAlert.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User\AppData\Local\jaapceucb\bjlicwxshdw.exe (Trojan.FakeAlert.Gen) -> No action taken.

Last edited by KFuhr; August 19th, 2010 at 04:43 PM.
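Every detection in the Malwarebytes log above ends in "No action taken", which is the first thing a helper checks: MBAM 1.x writes that when the log is saved before Remove Selected is clicked, so the items were reported but not yet removed. As an added example that is not part of the thread, here is a small Python parser for this MBAM 1.x log format. It rebuilds the log above as sample input, extracts each detection with its section, family and action, flags unremediated items and Run-key persistence entries, and cross-checks the summary counts against the items actually listed (a mismatch usually means a truncated or edited paste). The `Detection` class and the function names are mine, not Malwarebytes' own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Malwarebytes' Anti-Malware 1.46 log posted in the thread,
# restored to one entry per line.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4449

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

8/19/2010 11:29:20 AM
mbam-log-2010-08-19 (11-29-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 232002
Time elapsed: 1 hour(s), 3 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\User\AppData\Local\jaapceucb\bjlicwxshdw.exe (Trojan.FakeAlert.Gen) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ihgfubnb (Trojan.FakeAlert.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User\AppData\Local\jaapceucb\bjlicwxshdw.exe (Trojan.FakeAlert.Gen) -> No action taken.
"""

# "Files Infected: 1" is a summary count; "Files Infected:" (no number) opens a detail section.
SECTION_RE = re.compile(r"^(?P<name>(?:Memory|Registry|Folders|Files)[A-Za-z ]*Infected):(?:\s+(?P<count>\d+))?\s*$")
# Detail line: <item> (<family>) -> <action>.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str


def parse_mbam_log(text):
    """Return (summary_counts, detections) from an MBAM 1.x scan log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                counts[m.group("name")] = int(m.group("count"))
                section = None
            else:
                section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("item"), m.group("family"), m.group("action")))
    return counts, detections


def unremediated(detections):
    """Detections MBAM logged without removing them (log saved before Remove Selected)."""
    return [d for d in detections if d.action.lower().startswith("no action")]


def persistence_entries(detections):
    """Registry values under a Run key: the autostart that relaunches the rogue at each logon."""
    return [d for d in detections if d.section.startswith("Registry Values") and "\\run\\" in d.item.lower()]


def count_mismatches(counts, detections):
    """Sections whose summary count disagrees with the items listed: {section: (claimed, listed)}."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {name: (n, seen.get(name, 0)) for name, n in counts.items() if n != seen.get(name, 0)}


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d.section}: {d.item} [{d.family}] -> {d.action}")
    print("unremediated:", len(unremediated(dets)), "persistence:", len(persistence_entries(dets)))
    print("count mismatches:", count_mismatches(counts, dets))
```

Run against the sample, the parser returns three detections of one family, all three unremediated, one Run-key value (`ihgfubnb`) pointing at the same randomly named folder as the executable, and no count mismatches; on a real triage that combination is what tells the helper to have the user run the removal (or post the second, post-removal log) before moving on.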
#4
And this is from DDS.scr:
DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 11:39:33.47 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.1043 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\Windows\System32\svchost.exe -k nosGetPlusHelper
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\fcpxobc1.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\fcpxobc1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-18 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-7 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-7 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-7 50256]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-5-11 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-5-11 723488]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-8-19 583640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-8 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-18 366840]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-18 49664]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S4 0165671246995141mcinstcleanup;McAfee Application Installer Cleanup (0165671246995141);c:\windows\temp\016567~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\016567~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-2-17 44800]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
S4 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-7-7 110576]

=============== Created Last 30 ================

2010-08-19 07:07 <DIR> --d----- c:\program files\CCleaner
2010-08-19 07:05 <DIR> --d----- c:\programdata\NOS
2010-08-19 06:58 1,101,824 a------- c:\windows\system32\UniBox210.ocx
2010-08-19 06:58 880,640 a------- c:\windows\system32\UniBox10.ocx
2010-08-19 06:58 212,992 a------- c:\windows\system32\UniBoxVB12.ocx
2010-08-19 06:58 37,336 a------- c:\windows\system32\CleanMFT32.exe
2010-08-19 06:58 658,432 a------- c:\windows\system32\MSCOMCT2.OCX
2010-08-19 06:58 506,368 a------- c:\windows\system32\msxml.dll
2010-08-19 06:58 1,081,616 a------- c:\windows\system32\MSCOMCTL.OCX
2010-08-18 14:55 <DIR> --d----- c:\users\user\appdata\roaming\Malwarebytes
2010-08-18 14:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 14:55 <DIR> --d----- c:\programdata\Malwarebytes
2010-08-18 14:55 <DIR> --d----- c:\progra~2\Malwarebytes
2010-08-18 14:55 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-08-18 14:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 13:59 233,136 a------- c:\windows\system32\drivers\pctgntdi.sys
2010-08-18 13:59 100,136 a------- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-18 13:59 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2010-08-18 13:59 218,592 a------- c:\windows\system32\drivers\PCTCore.sys
2010-08-18 13:59 88,040 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-18 13:59 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-18 13:59 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2010-08-18 13:58 63,360 a------- c:\windows\system32\drivers\pctplsg.sys
2010-08-18 13:58 7,383 a------- c:\windows\system32\drivers\pctplsg.cat
2010-08-18 13:58 <DIR> --d----- c:\users\user\appdata\roaming\PC Tools
2010-08-18 13:58 <DIR> --d----- c:\programdata\PC Tools
2010-08-18 13:58 <DIR> --d----- c:\program files\Spyware Doctor
2010-08-18 13:58 <DIR> --d----- c:\program files\common files\PC Tools
2010-08-18 13:58 <DIR> --d----- c:\progra~2\PC Tools
2010-08-18 09:42 <DIR> --d----- c:\users\user\appdata\roaming\Azureus
2010-08-18 09:41 <DIR> --d----- c:\program files\Vuze
2010-08-18 09:41 <DIR> --d----- c:\program files\Conduit
2010-08-18 09:41 <DIR> --d----- c:\program files\Vuze_Remote
2010-08-18 07:39 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-08-18 07:27 38,848 a------- c:\windows\avastSS.scr
2010-08-18 07:27 <DIR> --d----- c:\programdata\Alwil Software
2010-08-18 07:27 <DIR> --d----- c:\progra~2\Alwil Software
2010-08-18 07:18 <DIR> --d----- c:\programdata\Sun
2010-08-18 07:18 423,656 a------- c:\windows\system32\deployJava1.dll
2010-08-18 06:58 104,960 a------- c:\windows\system32\netiohlp.dll
2010-08-18 06:58 27,136 a------- c:\windows\system32\NETSTAT.EXE
2010-08-18 06:58 19,968 a------- c:\windows\system32\ARP.EXE
2010-08-18 06:58 17,920 a------- c:\windows\system32\ROUTE.EXE
2010-08-18 06:58 17,920 a------- c:\windows\system32\netevent.dll
2010-08-18 06:58 11,264 a------- c:\windows\system32\MRINFO.EXE
2010-08-18 06:58 10,240 a------- c:\windows\system32\finger.exe
2010-08-18 06:58 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2010-08-18 06:58 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2010-08-18 06:57 313,344 a------- c:\windows\system32\wmpdxm.dll
2010-08-18 06:57 43,520 a------- c:\windows\system32\msdxm.tlb
2010-08-18 06:57 18,432 a------- c:\windows\system32\amcompat.tlb
2010-08-18 00:29 274,432 a------- c:\windows\system32\schannel.dll
2010-08-18 00:26 297,808 a------- c:\windows\system32\mscoree.dll
2010-08-18 00:26 295,264 a------- c:\windows\system32\PresentationHost.exe
2010-08-18 00:26 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2010-08-18 00:26 49,472 a------- c:\windows\system32\netfxperf.dll
2010-08-18 00:26 1,130,824 a------- c:\windows\system32\dfshim.dll
2010-08-18 00:26 310,784 a------- c:\windows\system32\unregmp2.exe
2010-08-18 00:26 7,680 a------- c:\windows\system32\spwmp.dll
2010-08-18 00:26 4,096 a------- c:\windows\system32\msdxm.ocx
2010-08-18 00:26 4,096 a------- c:\windows\system32\dxmasf.dll
2010-08-18 00:26 8,147,456 a------- c:\windows\system32\wmploc.DLL
2010-08-18 00:23 2,501,921 a------- c:\windows\system32\wlan.tmf
2010-08-18 00:23 293,376 a------- c:\windows\system32\wlanmsm.dll
2010-08-18 00:23 302,592 a------- c:\windows\system32\wlansec.dll
2010-08-18 00:23 127,488 a------- c:\windows\system32\L2SecHC.dll
2010-08-18 00:23 513,024 a------- c:\windows\system32\wlansvc.dll
2010-08-18 00:23 81,920 a------- c:\windows\system32\iccvid.dll
2010-08-18 00:23 420,352 a------- c:\windows\system32\vbscript.dll
2010-08-18 00:23 71,680 a------- c:\windows\system32\atl.dll
2010-08-18 00:22 28,672 a------- c:\windows\system32\Apphlpdm.dll
2010-08-18 00:22 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-18 00:21 289,792 a------- c:\windows\system32\atmfd.dll
2010-08-18 00:21 72,704 a------- c:\windows\system32\fontsub.dll
2010-08-18 00:21 10,240 a------- c:\windows\system32\dciman32.dll
2010-08-18 00:21 34,304 a------- c:\windows\system32\atmlib.dll
2010-08-18 00:21 2,036,736 a------- c:\windows\system32\win32k.sys
2010-08-18 00:21 62,464 a------- c:\windows\system32\l3codeca.acm
2010-08-18 00:16 1,257,472 a------- c:\windows\system32\msxml3.dll
2010-08-18 00:14 156,672 a------- c:\windows\system32\t2embed.dll
2010-08-18 00:09 213,504 a------- c:\windows\system32\msv1_0.dll
2010-08-18 00:09 738,304 a------- c:\windows\system32\inetcomm.dll
2010-08-18 00:08 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-18 00:08 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
2010-08-18 00:08 78,848 a------- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-18 00:08 2,868,224 a------- c:\windows\system32\mf.dll
2010-08-18 00:07 67,072 a------- c:\windows\system32\asycfilt.dll
2010-08-18 00:07 2,048 a------- c:\windows\system32\tzres.dll
2010-08-18 00:07 160,256 a------- c:\windows\system32\wkssvc.dll
2010-08-18 00:07 2,066,432 a------- c:\windows\system32\mstscax.dll
2010-08-18 00:06 714,240 a------- c:\windows\system32\timedate.cpl
2010-08-18 00:05 36,352 a------- c:\windows\system32\rtutils.dll
2010-08-18 00:05 499,712 a------- c:\windows\system32\kerberos.dll
2010-08-18 00:05 175,104 a------- c:\windows\system32\wdigest.dll
2010-08-18 00:05 1,256,448 a------- c:\windows\system32\lsasrv.dll
2010-08-18 00:05 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2010-08-18 00:05 72,704 a------- c:\windows\system32\secur32.dll
2010-08-18 00:05 9,728 a------- c:\windows\system32\lsass.exe
2010-08-18 00:05 3,598,216 a------- c:\windows\system32\ntkrnlpa.exe
2010-08-18 00:05 3,545,992 a------- c:\windows\system32\ntoskrnl.exe
2010-08-18 00:04 1,314,816 a------- c:\windows\system32\quartz.dll
2010-08-18 00:03 302,080 a------- c:\windows\system32\drivers\srv.sys
2010-08-18 00:03 144,896 a------- c:\windows\system32\drivers\srv2.sys
2010-08-18 00:03 523,776 a------- c:\windows\system32\RMActivate_isv.exe
2010-08-18 00:03 511,488 a------- c:\windows\system32\RMActivate.exe
2010-08-18 00:03 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
2010-08-18 00:03 472,576 a------- c:\windows\system32\secproc_isv.dll
2010-08-18 00:03 472,064 a------- c:\windows\system32\secproc.dll
2010-08-18 00:03 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-18 00:03 329,216 a------- c:\windows\system32\msdrm.dll
2010-08-18 00:03 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
2010-08-18 00:03 151,040 a------- c:\windows\system32\secproc_ssp.dll
2010-08-18 00:02 61,440 a------- c:\windows\system32\msasn1.dll
2010-08-17 23:49 171,520 a------- c:\windows\system32\wintrust.dll
2010-08-17 23:49 98,304 a------- c:\windows\system32\cabview.dll
2010-08-17 23:33 2,421,760 a------- c:\windows\system32\wucltux.dll
2010-08-17 23:33 87,552 a------- c:\windows\system32\wudriver.dll
2010-08-17 23:33 171,608 a------- c:\windows\system32\wuwebv.dll
2010-08-17 23:33 33,792 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2010-06-28 16:32 50,256 a------- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-26 02:05 916,480 a------- c:\windows\system32\wininet.dll
2010-06-26 02:02 109,056 a------- c:\windows\system32\iesysprep.dll
2010-06-26 02:02 71,680 a------- c:\windows\system32\iesetup.dll
2010-06-26 00:25 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-05-11 18:26 51,200 a------- c:\windows\inf\infpub.dat

Last edited by KFuhr; August 19th, 2010 at 04:44 PM.
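Two kinds of line in the DDS pseudo-HJT section above are the ones a helper reads first. `uInternet Settings,ProxyServer = http=127.0.0.1:6522` means Internet Explorer for this user is routed through a proxy on the machine itself, which is how this class of rogue antivirus blocks or redirects browsing and is why the user cannot reach download sites; a clean Vista install has no per-user ProxyServer set. The `uRun`/`mRun` lines are the autostart list, where a FakeAlert entry would point into a randomly named folder under AppData\Local, exactly like the `ihgfubnb` Run value and `jaapceucb` folder Malwarebytes reported. As an added example that is not part of the thread, the Python below triages those two line types from DDS output. The sample input is taken from the DDS log above plus one constructed `uRun` line built from the Malwarebytes finding (the DDS log itself does not list it); `triage_dds`, `executable_path` and the `USER_WRITABLE` list are my names and choices, not DDS's.

```python
import re

# Constructed sample: pseudo-HJT lines from the DDS log in the thread, plus one constructed
# uRun line (the ihgfubnb autostart reported by Malwarebytes, absent from the DDS output).
SAMPLE_DDS = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ihgfubnb] c:\users\user\appdata\local\jaapceucb\bjlicwxshdw.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
"""

# DDS prefixes: u = HKEY_CURRENT_USER, m = HKEY_LOCAL_MACHINE.
RUN_RE = re.compile(r"^(?P<hive>[um])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROXY_RE = re.compile(r"^(?P<hive>[um])Internet Settings,ProxyServer = (?P<value>.+)$")
LOOPBACK_RE = re.compile(r"127\.\d+\.\d+\.\d+|localhost", re.I)

# Locations an unprivileged user (and therefore a user-level infection) can write to.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def executable_path(cmd):
    """Pull the program path out of a Run command line (quoted, or unquoted with spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage_dds(text):
    """Return findings (dicts with kind, severity, detail) for the two indicators, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            # A proxy pointing back at the local host is the rogue's traffic interception.
            if LOOPBACK_RE.search(m.group("value")):
                findings.append({"kind": "loopback_proxy", "severity": "high",
                                 "detail": f"{m.group('hive')}Internet Settings,ProxyServer = {m.group('value')}"})
            continue
        m = RUN_RE.match(line)
        if m:
            # Autostarts living in user-writable folders deserve a look; Program Files entries usually don't.
            exe = executable_path(m.group("cmd"))
            if any(marker in exe for marker in USER_WRITABLE):
                findings.append({"kind": "autostart_from_user_writable_path", "severity": "medium",
                                 "detail": f"{m.group('hive')}{m.group('key')} [{m.group('name')}] -> {exe}"})
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f['severity']}] {f['kind']}: {f['detail']}")
```

On the sample this yields exactly two findings: the loopback proxy and the `ihgfubnb` autostart; the Sidebar, Defender, avast, MBAM and rundll32 entries all resolve to Program Files or System32 and are not flagged. The user-writable list is deliberately broad, so on a real log it will also surface legitimate per-user installers (some updaters live in AppData); the point is to shortlist what to verify, not to pronounce it malicious.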
#5
Please download ComboFix from: Here
And save to the desktop.
Close all other browser windows.
Double-click on the ComboFix icon found on your desktop.
Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply, along with the Malwarebytes log. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Last edited by touch; August 19th, 2010 at 04:47 PM. Reason: New instructions
#6
2009-05-11 18:26 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-11 18:26 86,016 a------- c:\windows\inf\infstor.dat
2009-04-18 21:33 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:40:19.98 ===============
#7
Sorry about that, I got DDS to run right after I posted that.
#8
Here is ComboFix's log:
ComboFix 10-08-18.04 - User 08/19/2010 12:08:31.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.1077 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.
2010-08-19 16:17 . 2010-08-19 16:17 -------- d-----w- c:\users\User\AppData\Local\temp
2010-08-19 16:17 . 2010-08-19 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-19 11:07 . 2010-08-19 11:07 -------- d-----w- c:\program files\CCleaner
2010-08-19 10:58 . 2010-08-05 12:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-08-19 10:58 . 2004-08-04 11:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-08-18 18:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\programdata\Malwarebytes
2010-08-18 18:55 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 18:36 . 2010-08-18 18:36 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2010-08-18 17:59 . 2010-02-05 13:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-18 17:59 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-18 17:59 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-18 17:59 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-18 17:58 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-18 17:58 . 2010-08-19 10:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-18 17:58 . 2010-08-18 18:46 -------- d-----w- c:\program files\Spyware Doctor
2010-08-18 17:58 . 2010-08-18 17:58 -------- d-----w- c:\users\User\AppData\Roaming\PC Tools
2010-08-18 17:58 . 2010-08-18 17:58 -------- d-----w- c:\programdata\PC Tools
2010-08-18 14:19 . 2010-08-19 15:29 -------- d-----w- c:\users\User\AppData\Local\jaapceucb
2010-08-18 14:17 . 2010-08-18 14:17 -------- d-----w- c:\users\User\AppData\Local\Adobe
2010-08-18 14:17 . 2010-08-18 14:17 -------- d-----w- c:\windows\Sun
2010-08-18 13:42 . 2010-08-18 13:42 310208 ----a-w- c:\users\User\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-18 13:42 . 2010-08-19 11:11 -------- d-----w- c:\users\User\AppData\Roaming\Azureus
2010-08-18 13:41 . 2010-08-18 13:42 -------- d-----w- c:\program files\Vuze
2010-08-18 13:41 . 2010-08-18 13:41 -------- d-----w- c:\program files\Conduit
2010-08-18 13:41 . 2010-08-18 13:41 -------- d-----w- c:\program files\Vuze_Remote
2010-08-18 11:39 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-18 11:27 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-18 11:27 . 2010-08-18 11:27 -------- d-----w- c:\programdata\Alwil Software
2010-08-18 11:18 . 2010-08-18 11:18 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 11:18 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-18 10:58 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-18 10:58 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-18 10:58 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-18 10:58 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-18 10:58 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-18 10:58 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-18 10:58 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-18 10:58 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-18 10:58 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-18 10:57 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-08-18 04:29 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-18 04:26 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-18 04:26 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-18 04:26 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-18 04:26 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-18 04:26 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-18 04:26 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-18 04:26 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-08-18 04:26 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-08-18 04:26 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-18 04:23 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-08-18 04:23 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-08-18 04:23 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-08-18 04:23 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-08-18 04:23 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-18 04:23 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-08-18 04:23 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2010-08-18 04:22 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-18 04:22 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-18 04:21 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-08-18 04:21 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-18 04:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-08-18 04:21 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-18 04:21 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-18 04:16 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-18 04:14 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-18 04:09 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-18 04:09 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-18 04:08 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-18 04:08 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-18 04:08 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-18 04:08 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-08-18 04:07 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-18 04:07 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-18 04:07 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-08-18 04:07 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-08-18 04:05 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-18 04:05 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-08-18 04:05 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-08-18 04:05 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-18 04:05 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-18 04:05 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-08-18 04:05 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-08-18 04:05 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-18 04:05 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-18 04:04 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-08-18 04:03 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-18 04:03 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-18 04:03 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-08-18 04:03 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-08-18 04:03 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-08-18 04:03 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-08-18 04:03 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-08-18 04:03 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-18 04:03 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-08-18 04:03 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-08-18 04:03 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-08-18 04:02 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-08-18 03:49 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-08-18 03:49 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-08-18 03:33 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-08-18 03:33 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-08-18 03:33 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-08-18 03:33 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-08-18 03:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-08-18 03:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-08-18 03:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-08-18 03:33 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-08-18 03:33 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 18:48 . 2009-07-08 12:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-18 17:59 . 2009-04-19 03:00 -------- d-----w- c:\program files\Google
2010-08-18 15:27 . 2009-07-07 17:48 74088 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 11:31 . 2009-07-07 20:54 -------- d-----w- c:\program files\Alwil Software
2010-08-18 11:18 . 2009-07-07 20:57 -------- d-----w- c:\program files\Java
2010-08-18 04:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-28 20:57 . 2009-07-07 20:55 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-07-07 20:55 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-07-07 20:55 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-07-07 20:55 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-07-07 20:55 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-07-07 20:55 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-18 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-18 11:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-18 11:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-18 11:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-16 15:59 .
2010-08-18 04:01 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-07-07 17:48 157168 ----a-w- c:\programdata\Partner\partner.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2010-06-13 23:10 2734688 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\eg isPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-10-27 19:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568] 
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 6711840] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-12 862728] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-04 698912] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-03-11 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-11 202024] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI. exe" [2010-06-28 2837864] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2009-03-09 19:06 515416 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray] 2009-02-17 17:36 248576 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate] 2008-10-27 22:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe |
#9
|
|||
|
|||
#10
|
||||
|
||||
We ask that you remove any P2P/file sharing programs.
We reserve the right to withdraw our support:
If such programs are found in your logs
Should you not agree to their removal.
As they are normally set to bypass your Firewall and Anti-Virus software, Filesharing/P2P Programs serve as a constant threat to your computer.
Uninstall:
vuze_remote
Vuze Azureus
You decide
If you agree -> Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript and Save it on the desktop
Quote:
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply |
#11
|
|||
|
|||
Removing those programs now; will have my new log up soon. Thank you.