Here are logs as requested
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1891807612-3611176424-3398124219-1001
c:\$recycle.bin\S-1-5-21-1891807612-3611176424-3398124219-1004
c:\$recycle.bin\S-1-5-21-1891807612-3611176424-3398124219-500
c:\users\Marik\AppData\Roaming\.#
c:\users\Marik\AppData\Roaming\.#\MBX@DA0@1822990.###
c:\users\Marik\AppData\Roaming\.#\MBX@DA0@18229C0.###
c:\users\Marik\AppData\Roaming\.#\MBX@DA0@18229F0.###
c:\users\Princess\AppData\Roaming\.#
c:\users\Princess\AppData\Roaming\.#\MBX@17A0@1732990.###
c:\users\Princess\AppData\Roaming\.#\MBX@17A0@17329C0.###
c:\users\Princess\AppData\Roaming\.#\MBX@17A0@17329F0.###
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 13:14 . 2009-08-09 13:17 -------- d-----w- c:\users\Ma & Pa Dimi\AppData\Local\temp
2009-08-09 13:14 . 2009-08-09 13:14 -------- d-----w- c:\users\Talliie.DimiFamily-PC\AppData\Local\temp
2009-08-09 13:14 . 2009-08-09 13:14 -------- d-----w- c:\users\Princess\AppData\Local\temp
2009-08-09 13:14 . 2009-08-09 13:14 -------- d-----w- c:\users\Marik\AppData\Local\temp
2009-08-09 13:14 . 2009-08-09 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-07 14:03 . 2009-08-07 14:03 -------- d-----w- c:\users\Ma & Pa Dimi\AppData\Roaming\Malwarebytes
2009-08-07 14:02 . 2009-08-03 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 14:02 . 2009-08-07 14:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 14:02 . 2009-08-07 14:02 -------- d-----w- c:\programdata\Malwarebytes
2009-08-07 14:02 . 2009-08-03 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 08:01 . 2009-08-07 08:02 -------- d-----w- c:\program files\ERUNT
2009-08-05 13:42 . 2004-08-03 21:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-08-05 09:50 . 2009-08-05 10:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-05 09:50 . 2009-08-05 09:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-04 14:26 . 2009-08-04 14:26 -------- d-----w- c:\program files\Trend Micro
2009-08-04 12:50 . 2009-08-04 12:51 -------- d-----w- c:\users\Ma & Pa Dimi\AppData\Local\Microsoft Games
2009-08-03 23:56 . 2009-08-04 02:03 -------- d-----w- c:\programdata\SITEguard
2009-08-03 23:54 . 2009-08-03 23:54 -------- d-----w- c:\program files\Common Files\iS3
2009-08-03 23:54 . 2009-08-04 11:10 -------- d-----w- c:\programdata\STOPzilla!
2009-08-02 04:39 . 2009-08-07 14:17 -------- d--h--w- C:\winnt_
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 01:53 . 2009-01-02 14:48 -------- d-----w- c:\programdata\avg8
2009-08-09 00:22 . 2008-04-30 13:46 -------- d-----w- c:\programdata\Google Updater
2009-08-07 14:17 . 2008-11-06 06:34 -------- d-----w- c:\program files\iWin Games
2009-08-04 11:13 . 2008-02-05 19:54 -------- d-----w- c:\program files\Acer GameZone
2009-08-04 11:07 . 2008-05-23 09:59 -------- d-----w- c:\program files\Acer GameZone Online
2009-08-04 11:06 . 2008-02-05 19:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 11:04 . 2008-06-07 01:27 -------- d--h--w- c:\program files\InstallJammer Registry
2009-08-04 11:03 . 2009-08-04 00:07 11920 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-04 10:59 . 2008-09-29 01:55 -------- d-----w- c:\program files\BoontyGames
2009-08-04 10:59 . 2008-09-25 09:26 -------- d-----w- c:\program files\Magic Ball 3
2009-08-04 10:58 . 2008-09-25 10:24 -------- d-----w- c:\program files\RealArcade
2009-08-04 10:53 . 2009-01-17 08:38 -------- d-----w- c:\program files\Magic Ball 2
2009-08-04 10:36 . 2008-05-23 10:00 -------- d-----w- c:\programdata\GamesBar
2009-08-04 10:21 . 2008-09-20 04:55 -------- d-----w- c:\program files\Gunner 2
2009-08-04 10:20 . 2008-09-20 06:46 -------- d-----w- c:\program files\Crimsonland
2009-08-03 23:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-03 23:18 . 2008-02-05 19:30 -------- d-----w- c:\programdata\Microsoft Help
2009-08-02 04:54 . 2008-06-02 04:53 -------- d-----w- c:\users\Ma & Pa Dimi\AppData\Roaming\LimeWire
2009-07-23 10:23 . 2009-05-23 13:08 -------- d-----w- c:\users\Talliie.DimiFamily-PC\AppData\Roaming\LimeWire
2009-07-21 21:52 . 2009-08-03 23:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-03 23:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-03 23:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-03 23:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 06:46 . 2008-05-02 06:36 110912 ----a-w- c:\users\Marik\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-17 22:32 . 2008-05-01 06:51 110912 ----a-w- c:\users\Princess\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-08 13:40 . 2008-05-03 09:57 -------- d-----w- c:\users\Ma & Pa Dimi\AppData\Roaming\Azureus
2009-07-06 04:39 . 2009-07-06 04:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-06 04:39 . 2008-06-02 04:49 -------- d-----w- c:\program files\Java
2009-07-05 00:03 . 2009-01-02 14:48 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 06:35 . 2009-05-11 06:59 110912 ----a-w- c:\users\Talliie.DimiFamily-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 06:50 . 2009-06-28 04:59 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-28 04:56 . 2009-01-31 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 04:56 . 2009-01-02 14:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 14:34 . 2008-02-05 19:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-08-03 23:02 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-08-03 23:02 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-03 23:02 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-03 23:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-13 01:22 . 2009-06-11 07:40 -------- d-----w- c:\program files\PhoTags Express
2009-06-13 01:21 . 2009-06-11 07:44 -------- d-----w- c:\program files\iConcepts Music Express
2009-06-10 05:34 . 2009-06-10 05:35 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7576.tmp.exe
2009-06-03 12:36 . 2008-04-30 12:12 110912 ----a-w- c:\users\Ma & Pa Dimi\AppData\Local\GDIPFONTCACHEV1.DAT
2008-06-27 06:17 . 2008-06-25 08:23 59155 ----a-w- c:\program files\dr2.log
2008-06-26 07:26 . 2008-06-25 09:46 726 ----a-w- c:\program files\settings.cfg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 00:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-06 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\users\Talliie.DimiFamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-5-28 147456]
c:\users\Ma & Pa Dimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-6 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{EDAD7C9C-2B42-422A-A171-019C0C88A98B}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7F51ED0B-81E8-46A6-908E-8C5EA726056F}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{81B6CD0B-8F08-4C12-8532-E56DF5350339}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{B0FC188F-249E-43D9-859D-89A0F334AEDC}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{7D1CE16D-8631-458E-8382-54CE0C38BDEB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{00B4998B-5924-450F-AEF9-4BDA12EFD12F}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{7BB3097A-3125-4981-9834-679B5636377D}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{505ED723-A2BA-473E-AEAE-3BD5181A5754}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{8FFE3A8A-4C75-43A0-BFF3-95FDFDA33BE2}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"TCP Query User{7D2CCDFA-0F95-4A6F-92D8-B083C0A506CA}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{495771A7-02E8-4F51-BA96-A36721F749E7}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{1D6131E4-E141-490B-9C5A-A94F1319333F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ACC83E8D-13E0-4EBE-A7F4-74FC06DE81AA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{47E4F2AA-83F2-46FB-AA2F-8C02F2C25775}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6EF4F457-DACE-49A7-BD17-179DD579A697}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1FF444D-9040-4D40-AAE1-FC90339E4E33}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{CEDA42DA-CA79-4F57-9C26-F67380F2817A}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{A9E3A14B-F288-406F-A05B-8787FD3A8710}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{8A3E93AD-16C0-4D16-B68C-3DE06283ACBB}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{4A5FB34D-3028-4C23-8656-984772FCE409}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{167CD5B1-1A9F-4157-B0F4-2F060E998024}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus.exe
"UDP Query User{83462914-5381-49FA-A525-D772D4D53AE6}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Telstra\\unpw\\unpwclient.exe"= c:\program files\Telstra\unpw\unpwclient.exe:*:Enabled:BigPond Username/Password Tool
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/01/2009 12:48 AM 335752]
R1 FAMv4;FAMv4;c:\windows\System32\drivers\FAMv4.sys [15/12/2007 5:35 AM 132120]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [6/02/2008 5:52 AM 269448]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/06/2009 2:55 PM 298776]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [31/12/2007 7:54 AM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [31/12/2007 7:55 AM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [31/12/2007 7:54 AM 136440]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [30/04/2008 10:41 PM 206336]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-30 02:35]
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16;
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
mStart Page = hxxp://en.au.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 23:17
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1891807612-3611176424-3398124219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*-*T*H*S*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1891807612-3611176424-3398124219-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,d1,92,08,da,67,fc,a0,d4,64,fe,a3,fc,8d,cc,c8,51,a4,fb,c6,eb,
8a,a4,a3,9b,84,e6,11,1f,10,dc,99,a1,c9,06,72,a4,c9,90,17,d8,85,ea,5a,58,eb,\
"rkeysecu"=hex:7f,5e,19,12,1f,bd,80,94,b0,ff,1e,cc,0a,29,35,0a
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3240)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\WUDFHost.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\conime.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
**************************************************************************
.
Completion time: 2009-08-09 23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 13:26
Pre-Run: 30,307,528,704 bytes free
Post-Run: 29,942,571,008 bytes free
277 --- E O F --- 2009-08-03 23:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:25 AM, on 10/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.au.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 10883 bytes