Google Redirect/ Click.GiftLoad

S

swatspeedman

New member
I recently got what I believe to be the google redirect virus. I found a forum on this site about it and decided I must post one myself as the results differ for each person. I AM ONLY 15! if i do not know what you are on about that isn't my fault, i am very basic with this stuff (system restore etc) and may be hard to work with as I can be lacking in the common sense sector.
I am trying my best to help but malware removal is new to me. I have installed malware bytes already.

Sorry if I posted this wrong.

DDS -
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Scott at 22:33:56 on 2011-05-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1346 [GMT 1:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Scott\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BGAntiphishingBHO Class: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Skytel] Skytel.exe
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\BGLsp.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://intranet.mencap.org.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: BgGamingMonitor.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R? BgRaSvc;BgRaSvc
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FsUsbExDisk;FsUsbExDisk
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MEMSWEEP2;MEMSWEEP2
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? netr28u;Belkin USB Wireless LAN Card Driver for Vista
R? osppsvc;Office Software Protection Platform
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
R? SynasUSB;SynasUSB
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WSDPrintDevice;WSD Print Support via UMB
R? ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service
S? {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02:16]
S? afw;Agnitum Firewall Driver
S? afwcore;afwcore
S? AlfaFF;AlfaFF File System mini-filter
S? BdSpy;BdSpy
S? BsBrowser;BullGuard antiphishing service
S? BsFileScan;BullGuard on-access service
S? BsFire;BullGuard firewall service
S? BsMailProxy;BullGuard e-mail monitoring service
S? BsMain;BullGuard main service
S? BsScanner;BullGuard scanning service
S? BsUpdate;BullGuard update service
S? BUNAgentSvc;NTI Backup Now 5 Agent Service
S? CLHNService;CLHNService
S? ETService;Empowering Technology Service
S? IGBASVC;iGroupTec Service
S? lxdu_device;lxdu_device
S? NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
S? NTIBackupSvc;NTI Backup Now 5 Backup Service
S? NTIPPKernel;NTIPPKernel
S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? SBSDWSCService;SBSD Security Center Service
S? winbondcir;Winbond IR Transceiver
.
=============== Created Last 30 ================
.
2011-05-20 17:00:55 -------- d-----w- c:\users\scott\Adobe After Effects CS4
2011-05-17 12:46:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 16:30:22 -------- d-----w- c:\program files\ESET
2011-05-13 15:17:22 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2011-05-13 15:17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20:14 -------- d-----w- c:\users\scott\appdata\roaming\BullGuard
2011-05-12 19:14:50 -------- d-----w- c:\programdata\BullGuard
2011-05-12 19:14:20 -------- d-----w- c:\program files\BullGuard Ltd
2011-05-12 18:02:40 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29:50 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26:45 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34:12 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36:37 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10:54 -------- d-----w- c:\users\scott\appdata\roaming\SPORE
2011-05-09 19:04:40 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-05-09 19:04:14 -------- d-----w- c:\users\scott\appdata\local\Downloaded Installations
2011-05-09 18:23:36 -------- d-----w- c:\windows\system32\EventProviders
2011-05-07 12:31:46 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-05-07 12:26:57 -------- d-----w- c:\users\scott\appdata\local\Adobe
2011-05-06 10:30:36 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50afdad7-925e-459b-8a90-90c38d4e72a7}\mpengine.dll
2011-05-04 19:09:29 -------- d-----w- c:\program files\uTorrent
2011-05-04 19:08:19 -------- d-----w- c:\users\scott\appdata\roaming\uTorrent
2011-05-02 16:00:41 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06:50 -------- d-----w- c:\users\scott\appdata\local\TechSmith
2011-05-02 01:00:34 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00:25 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59:04 -------- d-----w- c:\program files\common files\TechSmith Shared
2011-05-01 10:12:51 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-30 17:02:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-24 14:55:06 -------- d-----w- c:\program files\iPod
2011-04-24 14:50:39 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-05-12 19:28:54 122744 ----a-w- c:\windows\system32\BdInstHk.dll
2011-05-12 19:27:33 58592 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2011-04-09 21:56:35 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41:53 138056 ----a-w- c:\users\scott\appdata\roaming\PnkBstrK.sys
2011-04-09 21:41:43 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33:06 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 13:24:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
============= FINISH: 22:36:54.79 ===============
 
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Bitlord

I'd like you to read this thread.

Uninstall the programs listed above (in red). When done, post fresh dds logs.
 
Here you go =]
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_25
Run by Scott at 18:13:51 on 2011-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1368 [GMT 1:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BGAntiphishingBHO Class: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Skytel] Skytel.exe
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\BGLsp.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://intranet.mencap.org.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: BgGamingMonitor.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2010-4-8 42608]
R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\afw.sys [2010-7-8 29208]
R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2010-7-8 58592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-21 218688]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02:16];c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-2-28 87536]
R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2008-1-21 21504]
R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-1-21 21504]
R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-1-21 21504]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-1-21 21504]
R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2008-1-21 21504]
R2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2011-5-12 357504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2010-4-8 75048]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-11-18 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2010-4-8 3602432]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2010-4-8 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-7-8 318488]
R3 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2010-7-15 305032]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-11-18 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 BgRaSvc;BgRaSvc;c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [2010-6-8 122760]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-17 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-3-5 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-3-5 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-3-5 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-4-16 35584]
.
=============== Created Last 30 ================
.
2011-05-21 14:36:41 -------- d-----w- c:\users\scott\appdata\roaming\TeamViewer
2011-05-21 01:36:52 -------- d-----w- c:\program files\Microsoft WSE
2011-05-21 01:35:43 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-21 01:20:45 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-21 01:20:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-21 01:19:38 -------- d-----w- c:\users\scott\appdata\roaming\DAEMON Tools Lite
2011-05-21 01:19:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-20 17:00:55 -------- d-----w- c:\users\scott\Adobe After Effects CS4
2011-05-17 12:46:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 16:30:22 -------- d-----w- c:\program files\ESET
2011-05-13 15:17:22 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2011-05-13 15:17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20:14 -------- d-----w- c:\users\scott\appdata\roaming\BullGuard
2011-05-12 19:14:50 -------- d-----w- c:\programdata\BullGuard
2011-05-12 19:14:20 -------- d-----w- c:\program files\BullGuard Ltd
2011-05-12 18:02:40 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29:50 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26:45 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34:12 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36:37 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10:54 -------- d-----w- c:\users\scott\appdata\roaming\SPORE
2011-05-09 19:04:40 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-05-09 19:04:14 -------- d-----w- c:\users\scott\appdata\local\Downloaded Installations
2011-05-09 18:23:36 -------- d-----w- c:\windows\system32\EventProviders
2011-05-07 12:26:57 -------- d-----w- c:\users\scott\appdata\local\Adobe-BackupByPhotoshopCS5Portable
2011-05-06 10:30:36 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50afdad7-925e-459b-8a90-90c38d4e72a7}\mpengine.dll
2011-05-04 19:08:19 -------- d-----w- c:\users\scott\appdata\roaming\uTorrent
2011-05-02 16:00:41 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06:50 -------- d-----w- c:\users\scott\appdata\local\TechSmith
2011-05-02 01:00:34 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00:25 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59:04 -------- d-----w- c:\program files\common files\TechSmith Shared
2011-05-01 10:12:51 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-30 17:02:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
==================== Find3M ====================
.
2011-05-20 23:03:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-12 19:28:54 122744 ----a-w- c:\windows\system32\BdInstHk.dll
2011-05-12 19:27:33 58592 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2011-04-09 21:56:35 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41:53 138056 ----a-w- c:\users\scott\appdata\roaming\PnkBstrK.sys
2011-04-09 21:41:43 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33:06 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 18:18:13.93 ===============
 
Good. Let's move on :)

Download aswMBR to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
 
Yes, keep antivirus protection disabled during the operation.
 
Done, as asked. Here is your log
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-25 20:03:39
-----------------------------
20:03:39.752 OS Version: Windows 6.0.6002 Service Pack 2
20:03:39.752 Number of processors: 2 586 0x170A
20:03:39.755 ComputerName: PETER-PC UserName: Scott
20:03:40.728 Initialize success
20:03:43.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:03:43.650 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
20:03:43.659 Disk 0 MBR read successfully
20:03:43.663 Disk 0 MBR scan
20:03:43.667 Disk 0 TDL4@MBR code has been found
20:03:43.673 Disk 0 MBR hidden
20:03:43.677 Disk 0 MBR [TDL4] **ROOTKIT**
20:03:43.682 Disk 0 trace - called modules:
20:03:43.688 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87c214d0]<<
20:03:43.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8763eac8]
20:03:43.698 3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> [0x8577d638]
20:03:43.705 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> [0x86133028]
20:03:43.710 \Driver\iaStor[0x86f52188] -> IRP_MJ_CREATE -> 0x87c214d0
20:03:43.716 Scan finished successfully
20:03:50.833 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
20:03:50.971 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Done. I had to uninstall my antivirus, even ending all processes through task manager it kept detecting them. However, I keep getting the 'Host Process has stopped working correctly, checking for solutions' text pop up...
Here's your log from ComboFix
ComboFix 11-05-25.03 - Scott 26/05/2011 16:55:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1902 [GMT 1:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Jacci\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14E40A07-970C-49F3-AD10-5A33B4925F86}.xps
c:\users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BA2E94C-6CE0-4CDB-9419-C3FC02582218}.xps
c:\users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC9A37ED-F08C-4797-AA43-E5DEAA480BEF}.xps
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 16:12 . 2011-05-26 16:15 -------- d-----w- c:\users\Scott\AppData\Local\temp
2011-05-26 16:12 . 2011-05-26 16:12 -------- d-----w- c:\users\Peter\AppData\Local\temp
2011-05-26 16:12 . 2011-05-26 16:12 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-05-26 16:12 . 2011-05-26 16:12 -------- d-----w- c:\users\Jacci\AppData\Local\temp
2011-05-26 16:12 . 2011-05-26 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-21 14:36 . 2011-05-21 14:39 -------- d-----w- c:\users\Scott\AppData\Roaming\TeamViewer
2011-05-21 01:36 . 2011-05-21 01:36 -------- d-----w- c:\program files\Microsoft WSE
2011-05-21 01:35 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-21 01:20 . 2011-05-21 01:20 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-21 01:20 . 2011-05-21 01:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-21 01:19 . 2011-05-21 01:23 -------- d-----w- c:\users\Scott\AppData\Roaming\DAEMON Tools Lite
2011-05-21 01:19 . 2011-05-21 01:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-20 23:04 . 2011-05-20 23:04 -------- d-----w- c:\program files\Common Files\Java
2011-05-20 21:28 . 2011-05-20 21:29 -------- d-----w- c:\program files\ERUNT
2011-05-20 17:00 . 2011-05-20 17:13 -------- d-----w- c:\users\Scott\Adobe After Effects CS4
2011-05-17 12:46 . 2011-05-17 12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 10:49 . 2011-05-17 10:52 -------- d-----w- c:\users\Jacci\AppData\Roaming\BullGuard
2011-05-16 14:25 . 2011-05-16 14:27 -------- d-----w- c:\users\Peter\AppData\Roaming\BullGuard
2011-05-13 16:30 . 2011-05-13 16:30 -------- d-----w- c:\program files\ESET
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2011-05-13 15:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20 . 2011-05-12 19:24 -------- d-----w- c:\users\Scott\AppData\Roaming\BullGuard
2011-05-12 19:14 . 2011-05-26 15:38 -------- d-----w- c:\programdata\BullGuard
2011-05-12 18:02 . 2011-05-12 18:02 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29 . 2011-05-12 17:29 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26 . 2011-05-12 17:59 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34 . 2011-05-10 19:34 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36 . 2011-05-09 21:39 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36 . 2011-05-09 21:38 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36 . 2011-05-09 21:38 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10 . 2011-05-09 19:13 -------- d-----w- c:\users\Scott\AppData\Roaming\SPORE
2011-05-09 18:38 . 2011-05-21 01:27 -------- d-----w- c:\program files\Electronic Arts
2011-05-09 18:23 . 2011-05-09 18:23 -------- d-----w- c:\windows\system32\EventProviders
2011-05-09 18:10 . 2011-05-09 18:10 -------- d--h--r- c:\users\Scott\AppData\Roaming\SecuROM
2011-05-07 12:47 . 2011-05-08 19:57 -------- d-----w- c:\programdata\FLEXnet
2011-05-07 12:39 . 2011-05-07 12:39 -------- d-----w- c:\program files\Adobe Media Player
2011-05-07 12:26 . 2011-05-20 22:39 -------- d-----w- c:\users\Scott\AppData\Local\Adobe-BackupByPhotoshopCS5Portable
2011-05-06 10:30 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50AFDAD7-925E-459B-8A90-90C38D4E72A7}\mpengine.dll
2011-05-04 19:08 . 2011-05-25 17:11 -------- d-----w- c:\users\Scott\AppData\Roaming\uTorrent
2011-05-02 16:00 . 2011-05-02 16:00 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06 . 2011-05-02 01:06 -------- d-----w- c:\users\Scott\AppData\Local\TechSmith
2011-05-02 01:00 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00 . 2011-05-02 01:00 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59 . 2011-05-02 00:59 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2011-05-02 00:58 . 2011-05-02 00:59 -------- d-----w- c:\programdata\TechSmith
2011-05-02 00:58 . 2011-05-02 00:58 -------- d-----w- c:\program files\TechSmith
2011-05-01 10:12 . 2011-05-01 10:12 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-30 17:02 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 23:03 . 2010-05-08 18:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 21:56 . 2011-04-09 21:41 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56 . 2011-04-09 21:56 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56 . 2011-04-09 21:41 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41 . 2011-04-09 21:41 138056 ----a-w- c:\users\Scott\AppData\Roaming\PnkBstrK.sys
2011-04-09 21:41 . 2011-04-09 21:41 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41 . 2011-04-09 21:41 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54 . 2011-03-31 20:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54 . 2011-03-31 20:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33 . 2011-03-24 19:33 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03 . 2011-04-15 15:06 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:06 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 15:04 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-30 17:02 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-30 17:02 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-30 17:02 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-30 17:02 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 15:05 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 15:05 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-01 17:56 . 2011-04-17 09:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-04-08 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Jacci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-11-28 142336]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C12F.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-04-16 35584]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2010-04-08 42608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-21 218688]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 17:43 87536]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2010-04-08 3602432]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 11:43]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 11:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ntpx762i.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
HKLM-Run-NPSStartup - (no file)
SafeBoot-BsScanner
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 17:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C12F.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1378842129-2140644964-2066464072-1007\Software\SecuROM\License information*]
"datasecu"=hex:b5,eb,e7,9a,73,28,1e,89,21,f2,e4,5d,7d,f5,39,23,ba,42,17,48,ce,
e3,41,4a,65,a6,e7,56,62,89,5f,7e,c4,6e,fa,6b,c0,16,58,05,0c,d3,14,5d,d0,40,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1188)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
.
**************************************************************************
.
Completion time: 2011-05-26 17:24:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-26 16:24
.
Pre-Run: 47,922,642,944 bytes free
Post-Run: 47,712,706,560 bytes free
.
- - End Of File - - D52CACA251A5BC0179947BE0D8A1B4E8

And here is your DDS log
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_25
Run by Scott at 17:32:20 on 2011-05-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1654 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://intranet.mencap.org.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2010-4-8 42608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-21 218688]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02:16];c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-2-28 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2010-4-8 75048]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-11-18 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2010-4-8 3602432]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2010-4-8 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-11-18 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-17 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-3-5 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-3-5 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-3-5 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-4-16 35584]
.
=============== Created Last 30 ================
.
2011-05-26 16:25:01 -------- d-----w- c:\users\scott\appdata\local\temp
2011-05-26 16:23:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-26 15:43:31 98816 ----a-w- c:\windows\sed.exe
2011-05-26 15:43:31 89088 ----a-w- c:\windows\MBR.exe
2011-05-26 15:43:31 256512 ----a-w- c:\windows\PEV.exe
2011-05-26 15:43:31 161792 ----a-w- c:\windows\SWREG.exe
2011-05-21 14:36:41 -------- d-----w- c:\users\scott\appdata\roaming\TeamViewer
2011-05-21 01:36:52 -------- d-----w- c:\program files\Microsoft WSE
2011-05-21 01:35:43 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-21 01:20:45 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-21 01:20:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-21 01:19:38 -------- d-----w- c:\users\scott\appdata\roaming\DAEMON Tools Lite
2011-05-21 01:19:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-20 17:00:55 -------- d-----w- c:\users\scott\Adobe After Effects CS4
2011-05-17 12:46:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 16:30:22 -------- d-----w- c:\program files\ESET
2011-05-13 15:17:22 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2011-05-13 15:17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20:14 -------- d-----w- c:\users\scott\appdata\roaming\BullGuard
2011-05-12 19:14:50 -------- d-----w- c:\programdata\BullGuard
2011-05-12 18:02:40 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29:50 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26:45 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34:12 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36:37 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10:54 -------- d-----w- c:\users\scott\appdata\roaming\SPORE
2011-05-09 19:04:40 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-05-09 19:04:14 -------- d-----w- c:\users\scott\appdata\local\Downloaded Installations
2011-05-09 18:23:36 -------- d-----w- c:\windows\system32\EventProviders
2011-05-07 12:26:57 -------- d-----w- c:\users\scott\appdata\local\Adobe-BackupByPhotoshopCS5Portable
2011-05-06 10:30:36 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50afdad7-925e-459b-8a90-90c38d4e72a7}\mpengine.dll
2011-05-04 19:08:19 -------- d-----w- c:\users\scott\appdata\roaming\uTorrent
2011-05-02 16:00:41 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06:50 -------- d-----w- c:\users\scott\appdata\local\TechSmith
2011-05-02 01:00:34 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00:25 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59:04 -------- d-----w- c:\program files\common files\TechSmith Shared
2011-05-01 10:12:51 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-30 17:02:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
==================== Find3M ====================
.
2011-05-20 23:03:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 21:56:35 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41:53 138056 ----a-w- c:\users\scott\appdata\roaming\PnkBstrK.sys
2011-04-09 21:41:43 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33:06 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 17:39:14.93 ===============
 
Hi,

Re-Run aswMBR. Click Scan. On completion of the scan Click the Fix button.

Save the log as before and post in your next reply.
 
Had to save log before removal

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-25 20:03:39
-----------------------------
20:03:39.752 OS Version: Windows 6.0.6002 Service Pack 2
20:03:39.752 Number of processors: 2 586 0x170A
20:03:39.755 ComputerName: PETER-PC UserName: Scott
20:03:40.728 Initialize success
20:03:43.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:03:43.650 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
20:03:43.659 Disk 0 MBR read successfully
20:03:43.663 Disk 0 MBR scan
20:03:43.667 Disk 0 TDL4@MBR code has been found
20:03:43.673 Disk 0 MBR hidden
20:03:43.677 Disk 0 MBR [TDL4] **ROOTKIT**
20:03:43.682 Disk 0 trace - called modules:
20:03:43.688 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87c214d0]<<
20:03:43.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8763eac8]
20:03:43.698 3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> [0x8577d638]
20:03:43.705 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> [0x86133028]
20:03:43.710 \Driver\iaStor[0x86f52188] -> IRP_MJ_CREATE -> 0x87c214d0
20:03:43.716 Scan finished successfully
20:03:50.833 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
20:03:50.971 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-26 19:34:21
-----------------------------
19:34:21.604 OS Version: Windows 6.0.6002 Service Pack 2
19:34:21.604 Number of processors: 2 586 0x170A
19:34:21.607 ComputerName: PETER-PC UserName: Scott
19:34:23.910 Initialize success
19:34:26.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:34:26.099 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
19:34:26.118 Disk 0 MBR read successfully
19:34:26.121 Disk 0 MBR scan
19:34:26.124 Disk 0 TDL4@MBR code has been found
19:34:26.128 Disk 0 MBR hidden
19:34:26.132 Disk 0 MBR [TDL4] **ROOTKIT**
19:34:26.137 Disk 0 trace - called modules:
19:34:26.142 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x878144d0]<<
19:34:26.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c24280]
19:34:26.152 3 CLASSPNP.SYS[8aba88b3] -> nt!IofCallDriver -> [0x85d36688]
19:34:26.157 5 acpi.sys[806936bc] -> nt!IofCallDriver -> [0x84f42028]
19:34:26.165 \Driver\iaStor[0x8753b590] -> IRP_MJ_CREATE -> 0x878144d0
19:34:26.170 Scan finished successfully
19:34:28.142 Disk 0 fixing MBR ...
19:34:38.150 Disk 0 MBR restored successfully
19:34:38.160 Verifying disinfection
19:35:02.748 Disinfection error
19:35:07.357 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
19:35:07.531 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-26 19:35:31
-----------------------------
19:35:31.571 OS Version: Windows 6.0.6002 Service Pack 2
19:35:31.572 Number of processors: 2 586 0x170A
19:35:31.574 ComputerName: PETER-PC UserName: Scott
19:35:33.090 Initialize success
19:35:35.039 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:35:35.042 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
19:35:35.053 Disk 0 MBR read successfully
19:35:35.057 Disk 0 MBR scan
19:35:35.060 Disk 0 TDL4@MBR code has been found
19:35:35.064 Disk 0 MBR hidden
19:35:35.068 Disk 0 MBR [TDL4] **ROOTKIT**
19:35:35.074 Disk 0 trace - called modules:
19:35:35.080 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x878144d0]<<
19:35:35.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c24280]
19:35:35.091 3 CLASSPNP.SYS[8aba88b3] -> nt!IofCallDriver -> [0x85d36688]
19:35:35.097 5 acpi.sys[806936bc] -> nt!IofCallDriver -> [0x84f42028]
19:35:35.102 \Driver\iaStor[0x8753b590] -> IRP_MJ_CREATE -> 0x878144d0
19:35:35.109 Scan finished successfully
19:35:41.655 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
19:35:41.791 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"
 
Hi,

Did aswMBR ask for a reboot yet? It should ask to reboot (or automatically do that) after fixing process is finished.
 
Ok. Was any of those logs in your post above taken after the reboot? If not please run a scan with aswMBR again and post back its log.
 
Here's the newest log

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-26 19:56:10
-----------------------------
19:56:10.043 OS Version: Windows 6.0.6002 Service Pack 2
19:56:10.043 Number of processors: 2 586 0x170A
19:56:10.046 ComputerName: PETER-PC UserName: Scott
19:56:50.238 Initialize success
19:56:55.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:56:55.656 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
19:56:55.672 Disk 0 MBR read successfully
19:56:55.675 Disk 0 MBR scan
19:56:55.679 Disk 0 unknown MBR code
19:56:55.684 Disk 0 scanning sectors +488394752
19:56:55.718 Disk 0 scanning C:\Windows\system32\drivers
19:57:13.374 Service scanning
19:57:14.880 Disk 0 trace - called modules:
19:57:14.928 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
19:57:14.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e6bac8]
19:57:14.938 3 CLASSPNP.SYS[8aba28b3] -> nt!IofCallDriver -> [0x858f7f08]
19:57:14.943 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8592b028]
19:57:14.949 Scan finished successfully
19:57:23.161 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
19:57:23.406 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"
 
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Folder::
c:\users\Scott\AppData\Roaming\uTorrent


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Heres your combofix ComboFix Log, will post eset log and dds once online scanner finished

ComboFix 11-05-25.03 - Scott 27/05/2011 16:11:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1815 [GMT 1:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\AppData\Roaming\uTorrent
c:\users\Scott\AppData\Roaming\uTorrent\Action Essentials 2 720p Disk 1 DSK torrent.1.torrent
c:\users\Scott\AppData\Roaming\uTorrent\Action Essentials 2 720p Disk 1 DSK torrent.torrent
c:\users\Scott\AppData\Roaming\uTorrent\Adobe After Effects CS4 (Final) [RH].torrent
c:\users\Scott\AppData\Roaming\uTorrent\apps.btapp
c:\users\Scott\AppData\Roaming\uTorrent\apps\DADC6E156485529178AD96DD503321DE39C1BED5.btapp
c:\users\Scott\AppData\Roaming\uTorrent\dht.dat
c:\users\Scott\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Scott\AppData\Roaming\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
c:\users\Scott\AppData\Roaming\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
c:\users\Scott\AppData\Roaming\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
c:\users\Scott\AppData\Roaming\uTorrent\resume.dat
c:\users\Scott\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Scott\AppData\Roaming\uTorrent\rss.dat
c:\users\Scott\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Scott\AppData\Roaming\uTorrent\settings.dat
c:\users\Scott\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Scott\AppData\Roaming\uTorrent\The Sims 3 - Razor1911 Final MAXSPEED.torrent
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 15:29 . 2011-05-27 15:29 -------- d-----w- c:\users\Scott\AppData\Local\temp
2011-05-27 15:29 . 2011-05-27 15:29 -------- d-----w- c:\users\Peter\AppData\Local\temp
2011-05-27 15:29 . 2011-05-27 15:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-05-27 15:29 . 2011-05-27 15:29 -------- d-----w- c:\users\Jacci\AppData\Local\temp
2011-05-27 15:29 . 2011-05-27 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-26 20:06 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-26 20:06 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-26 20:06 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-26 20:06 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-26 20:06 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-26 20:06 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-26 20:06 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-26 20:06 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-26 20:06 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-26 20:06 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-26 20:06 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-26 20:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-05-26 19:50 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9888FD39-D4A5-4C31-90F6-0864A9448D8F}\mpengine.dll
2011-05-26 17:27 . 2011-05-26 17:27 -------- d-----w- c:\program files\BullGuard Ltd
2011-05-21 14:36 . 2011-05-21 14:39 -------- d-----w- c:\users\Scott\AppData\Roaming\TeamViewer
2011-05-21 01:36 . 2011-05-21 01:36 -------- d-----w- c:\program files\Microsoft WSE
2011-05-21 01:35 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-21 01:20 . 2011-05-21 01:20 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-21 01:20 . 2011-05-21 01:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-21 01:19 . 2011-05-21 01:23 -------- d-----w- c:\users\Scott\AppData\Roaming\DAEMON Tools Lite
2011-05-21 01:19 . 2011-05-21 01:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-20 23:04 . 2011-05-20 23:04 -------- d-----w- c:\program files\Common Files\Java
2011-05-20 21:28 . 2011-05-20 21:29 -------- d-----w- c:\program files\ERUNT
2011-05-20 17:00 . 2011-05-20 17:13 -------- d-----w- c:\users\Scott\Adobe After Effects CS4
2011-05-17 12:46 . 2011-05-17 12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 10:49 . 2011-05-17 10:52 -------- d-----w- c:\users\Jacci\AppData\Roaming\BullGuard
2011-05-16 14:25 . 2011-05-16 14:27 -------- d-----w- c:\users\Peter\AppData\Roaming\BullGuard
2011-05-13 16:30 . 2011-05-13 16:30 -------- d-----w- c:\program files\ESET
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2011-05-13 15:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20 . 2011-05-12 19:24 -------- d-----w- c:\users\Scott\AppData\Roaming\BullGuard
2011-05-12 19:14 . 2011-05-27 15:06 -------- d-----w- c:\programdata\BullGuard
2011-05-12 18:02 . 2011-05-12 18:02 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29 . 2011-05-12 17:29 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26 . 2011-05-12 17:59 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34 . 2011-05-10 19:34 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36 . 2011-05-09 21:39 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36 . 2011-05-09 21:38 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36 . 2011-05-09 21:38 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10 . 2011-05-09 19:13 -------- d-----w- c:\users\Scott\AppData\Roaming\SPORE
2011-05-09 18:38 . 2011-05-21 01:27 -------- d-----w- c:\program files\Electronic Arts
2011-05-09 18:23 . 2011-05-09 18:23 -------- d-----w- c:\windows\system32\EventProviders
2011-05-09 18:10 . 2011-05-09 18:10 -------- d--h--r- c:\users\Scott\AppData\Roaming\SecuROM
2011-05-07 12:47 . 2011-05-08 19:57 -------- d-----w- c:\programdata\FLEXnet
2011-05-07 12:39 . 2011-05-07 12:39 -------- d-----w- c:\program files\Adobe Media Player
2011-05-02 16:00 . 2011-05-02 16:00 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06 . 2011-05-02 01:06 -------- d-----w- c:\users\Scott\AppData\Local\TechSmith
2011-05-02 01:00 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00 . 2011-05-02 01:00 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59 . 2011-05-02 00:59 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2011-05-02 00:58 . 2011-05-02 00:59 -------- d-----w- c:\programdata\TechSmith
2011-05-02 00:58 . 2011-05-02 00:58 -------- d-----w- c:\program files\TechSmith
2011-05-01 10:12 . 2011-05-01 10:12 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-30 17:02 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 23:03 . 2010-05-08 18:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 21:56 . 2011-04-09 21:41 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56 . 2011-04-09 21:56 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56 . 2011-04-09 21:41 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41 . 2011-04-09 21:41 138056 ----a-w- c:\users\Scott\AppData\Roaming\PnkBstrK.sys
2011-04-09 21:41 . 2011-04-09 21:41 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41 . 2011-04-09 21:41 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54 . 2011-03-31 20:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54 . 2011-03-31 20:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33 . 2011-03-24 19:33 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03 . 2011-04-15 15:06 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:06 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 15:04 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-30 17:02 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-30 17:02 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-30 17:02 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-30 17:02 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 15:05 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 15:05 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-01 17:56 . 2011-04-17 09:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-04-08 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Jacci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-11-28 142336]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2010-04-08 3602432]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C12F.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-04-16 35584]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2010-04-08 42608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-21 218688]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 17:43 87536]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S4 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]
S4 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [x]
S4 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 11:43]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 11:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ntpx762i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 16:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C12F.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1378842129-2140644964-2066464072-1007\Software\SecuROM\License information*]
"datasecu"=hex:b5,eb,e7,9a,73,28,1e,89,21,f2,e4,5d,7d,f5,39,23,ba,42,17,48,ce,
e3,41,4a,65,a6,e7,56,62,89,5f,7e,c4,6e,fa,6b,c0,16,58,05,0c,d3,14,5d,d0,40,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-27 16:33:58
ComboFix-quarantined-files.txt 2011-05-27 15:33
ComboFix2.txt 2011-05-26 16:24
.
Pre-Run: 46,179,008,512 bytes free
Post-Run: 45,924,839,424 bytes free
.
- - End Of File - - 04996C076233109513430A419C08D98D
 
Here is Eset Online Scan results:

C:\Users\Peter\Downloads\cbfileinforegistrybooster.exe Win32/RegistryBooster application
C:\Users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\ACS4MC-Keygen.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
D:\BitLord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Nero-7.10.1.2_all_update.exe Win32/Toolbar.AskSBar application
D:\Nero\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe multiple threats

And here's your DDS:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_25
Run by Scott at 19:06:22 on 2011-05-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.968 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Guitar Pro 6\GuitarPro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Scott\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://intranet.mencap.org.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\ntpx762i.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2010-4-8 42608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-21 218688]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02:16];c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-2-28 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2010-4-8 75048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-11-18 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2010-4-8 122368]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-11-18 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2010-4-8 3602432]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-17 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-3-5 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-3-5 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-3-5 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-4-16 35584]
.
=============== Created Last 30 ================
.
2011-05-27 15:34:05 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-27 15:34:01 -------- d-----w- c:\users\scott\appdata\local\temp
2011-05-26 20:06:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-26 20:06:45 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-26 20:06:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-26 20:06:45 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-26 20:06:44 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-26 20:06:44 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-26 20:06:43 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-26 20:06:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-26 20:06:43 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-26 20:06:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-26 20:06:42 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-26 20:04:56 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-05-26 19:50:04 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9888fd39-d4a5-4c31-90f6-0864a9448d8f}\mpengine.dll
2011-05-26 17:27:55 -------- d-----w- c:\program files\BullGuard Ltd
2011-05-26 15:43:31 98816 ----a-w- c:\windows\sed.exe
2011-05-26 15:43:31 89088 ----a-w- c:\windows\MBR.exe
2011-05-26 15:43:31 256512 ----a-w- c:\windows\PEV.exe
2011-05-26 15:43:31 161792 ----a-w- c:\windows\SWREG.exe
2011-05-21 14:36:41 -------- d-----w- c:\users\scott\appdata\roaming\TeamViewer
2011-05-21 01:36:52 -------- d-----w- c:\program files\Microsoft WSE
2011-05-21 01:35:43 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-21 01:20:45 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-21 01:20:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-21 01:19:38 -------- d-----w- c:\users\scott\appdata\roaming\DAEMON Tools Lite
2011-05-21 01:19:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-20 17:00:55 -------- d-----w- c:\users\scott\Adobe After Effects CS4
2011-05-17 12:46:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 16:30:22 -------- d-----w- c:\program files\ESET
2011-05-13 15:17:22 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2011-05-13 15:17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20:14 -------- d-----w- c:\users\scott\appdata\roaming\BullGuard
2011-05-12 19:14:50 -------- d-----w- c:\programdata\BullGuard
2011-05-12 18:02:40 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29:50 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26:45 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34:12 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36:43 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36:37 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10:54 -------- d-----w- c:\users\scott\appdata\roaming\SPORE
2011-05-09 19:04:40 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-05-09 19:04:14 -------- d-----w- c:\users\scott\appdata\local\Downloaded Installations
2011-05-09 18:23:36 -------- d-----w- c:\windows\system32\EventProviders
2011-05-02 16:00:41 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06:50 -------- d-----w- c:\users\scott\appdata\local\TechSmith
2011-05-02 01:00:34 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00:25 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59:04 -------- d-----w- c:\program files\common files\TechSmith Shared
2011-05-01 10:12:51 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-30 17:02:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
==================== Find3M ====================
.
2011-05-20 23:03:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 21:56:35 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56:24 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41:53 138056 ----a-w- c:\users\scott\appdata\roaming\PnkBstrK.sys
2011-04-09 21:41:43 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33:06 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 19:09:13.98 ===============
 
Hi,

It seems your Adobe After Effects CS4 and Nero 7 Ultra Edition installations are not legit ones. That's why you need to uninstall them now. If you can't afford legit Nero license there're great alternatives like ImgBurn available for free.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\Users\Peter\Downloads\cbfileinforegistrybooster.exe
Folder::
C:\Users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]
D:\BitLord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Any issues left?
 
Here is your log. I cannot yet tell you whether or not i have problems as it can keep returning. My erunt keeps complaining it cant backup every time i start the computer up.

ComboFix 11-05-25.03 - Scott 28/05/2011 11:12:24.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1946 [GMT 1:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Peter\Downloads\cbfileinforegistrybooster.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Adobe Host File_Screenshot.jpg
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\ACS4MC-Keygen.EXE
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\Screenshot_Keygen.jpg
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\Thumbs.db
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Install notes.txt
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\Additional Script blocker (in case of problems)\7z457-x64.msi
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\Additional Script blocker (in case of problems)\7z460.exe
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\Additional Script blocker (in case of problems)\Extra Script Block\__MACOSX\Block Adobe Activation.app\Contents\Resources\Scripts\._main.scpt
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\Additional Script blocker (in case of problems)\Extra Script Block\Block Adobe Activation.app\Contents\Info.plist
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\Additional Script blocker (in case of problems)\Extra Script Block\Block Adobe Activation.app\Contents\MacOS\applet
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\Additional Script blocker (in case of problems)\Extra Script Block\Block Adobe Activation.app\Contents\PkgInfo
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\disable_activation.cmd
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\disable_activation_osx
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Screenshot_Keygen.jpg
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Thumbs.db
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\Fix\amtlib.dll
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\Fix\Readme.txt
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\Fix\Shockwave_Installer_Slim.exe
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\Readme.txt
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\Setup_AECS4\ADBEAFETCS4_LS7.7z
c:\users\Scott\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\Setup_AECS4\ADBEAFETCS4_LS7.exe
d:\bitlord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]
d:\bitlord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Ahead Nero 7.5.9.0 Ultra Edition Enhanced.exe
d:\bitlord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Nero-7.10.1.2_all_update.exe
d:\bitlord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Read Me.txt
d:\bitlord\Downloads\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Torrent_downloaded_from_Demonoid.com.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 10:31 . 2011-05-28 10:34 -------- d-----w- c:\users\Scott\AppData\Local\temp
2011-05-28 10:31 . 2011-05-28 10:31 -------- d-----w- c:\users\Peter\AppData\Local\temp
2011-05-28 10:31 . 2011-05-28 10:31 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-05-28 10:31 . 2011-05-28 10:31 -------- d-----w- c:\users\Jacci\AppData\Local\temp
2011-05-28 10:31 . 2011-05-28 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-28 02:08 . 2011-05-28 02:08 -------- d-----w- c:\program files\Windows Portable Devices
2011-05-28 02:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-05-28 02:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-28 02:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-28 02:04 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-05-28 02:04 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-05-28 02:04 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-05-28 02:04 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-05-28 02:04 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-05-28 02:04 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-05-28 02:04 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-05-28 02:04 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-05-28 02:04 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2011-05-28 02:04 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2011-05-28 02:01 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-05-28 02:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-05-28 02:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-05-27 22:09 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8C744BB-94FE-4A68-8140-BCE773948B07}\mpengine.dll
2011-05-26 20:06 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-26 20:06 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-26 20:06 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-26 20:06 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-26 20:06 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-26 20:06 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-26 20:06 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-26 20:06 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-26 20:06 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-26 20:06 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-05-26 20:06 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-26 20:06 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-26 20:06 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-05-26 20:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-05-21 14:36 . 2011-05-21 14:39 -------- d-----w- c:\users\Scott\AppData\Roaming\TeamViewer
2011-05-21 01:36 . 2011-05-21 01:36 -------- d-----w- c:\program files\Microsoft WSE
2011-05-21 01:35 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-21 01:20 . 2011-05-21 01:20 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-21 01:20 . 2011-05-21 01:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-21 01:19 . 2011-05-21 01:23 -------- d-----w- c:\users\Scott\AppData\Roaming\DAEMON Tools Lite
2011-05-21 01:19 . 2011-05-21 01:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-20 23:04 . 2011-05-20 23:04 -------- d-----w- c:\program files\Common Files\Java
2011-05-20 21:28 . 2011-05-20 21:29 -------- d-----w- c:\program files\ERUNT
2011-05-20 17:00 . 2011-05-20 17:13 -------- d-----w- c:\users\Scott\Adobe After Effects CS4
2011-05-17 12:46 . 2011-05-17 12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 10:49 . 2011-05-17 10:52 -------- d-----w- c:\users\Jacci\AppData\Roaming\BullGuard
2011-05-16 14:25 . 2011-05-16 14:27 -------- d-----w- c:\users\Peter\AppData\Roaming\BullGuard
2011-05-13 16:30 . 2011-05-13 16:30 -------- d-----w- c:\program files\ESET
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2011-05-13 15:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 15:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 15:17 . 2011-05-13 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 19:20 . 2011-05-12 19:24 -------- d-----w- c:\users\Scott\AppData\Roaming\BullGuard
2011-05-12 19:14 . 2011-05-28 10:08 -------- d-----w- c:\programdata\BullGuard
2011-05-12 18:02 . 2011-05-12 18:02 -------- d-----w- c:\program files\Sophos
2011-05-12 17:29 . 2011-05-12 17:29 2 --shatr- c:\windows\winstart.bat
2011-05-12 17:26 . 2011-05-12 17:59 -------- d-----w- c:\program files\UnHackMe
2011-05-10 19:34 . 2011-05-10 19:34 -------- d-----w- c:\program files\RocketDock
2011-05-09 21:36 . 2011-05-09 21:39 -------- d-----w- c:\windows\system32\ca-ES
2011-05-09 21:36 . 2011-05-09 21:38 -------- d-----w- c:\windows\system32\eu-ES
2011-05-09 21:36 . 2011-05-09 21:38 -------- d-----w- c:\windows\system32\vi-VN
2011-05-09 19:10 . 2011-05-09 19:13 -------- d-----w- c:\users\Scott\AppData\Roaming\SPORE
2011-05-09 18:38 . 2011-05-21 01:27 -------- d-----w- c:\program files\Electronic Arts
2011-05-09 18:23 . 2011-05-09 18:23 -------- d-----w- c:\windows\system32\EventProviders
2011-05-09 18:10 . 2011-05-09 18:10 -------- d--h--r- c:\users\Scott\AppData\Roaming\SecuROM
2011-05-07 12:47 . 2011-05-08 19:57 -------- d-----w- c:\programdata\FLEXnet
2011-05-07 12:39 . 2011-05-07 12:39 -------- d-----w- c:\program files\Adobe Media Player
2011-05-02 16:00 . 2011-05-02 16:00 -------- d-----w- C:\.jagex_cache_32
2011-05-02 01:06 . 2011-05-02 01:06 -------- d-----w- c:\users\Scott\AppData\Local\TechSmith
2011-05-02 01:00 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-02 01:00 . 2011-05-02 01:00 -------- d-----w- c:\windows\system32\QuickTime
2011-05-02 00:59 . 2011-05-02 00:59 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2011-05-02 00:58 . 2011-05-02 00:59 -------- d-----w- c:\programdata\TechSmith
2011-05-02 00:58 . 2011-05-02 00:58 -------- d-----w- c:\program files\TechSmith
2011-05-01 10:12 . 2011-05-01 10:12 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-30 17:02 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-30 17:02 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 23:03 . 2010-05-08 18:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 21:56 . 2011-04-09 21:41 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 21:56 . 2011-04-09 21:56 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 21:56 . 2011-04-09 21:41 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 21:41 . 2011-04-09 21:41 138056 ----a-w- c:\users\Scott\AppData\Roaming\PnkBstrK.sys
2011-04-09 21:41 . 2011-04-09 21:41 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-09 21:41 . 2011-04-09 21:41 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 17:54 . 2011-03-31 20:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 17:54 . 2011-03-31 20:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-24 19:33 . 2011-03-24 19:33 2892 ----a-w- c:\windows\system32\audcon.sys
2011-03-10 17:03 . 2011-04-15 15:06 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:06 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 15:04 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-30 17:02 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-30 17:02 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-30 17:02 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-30 17:02 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 15:05 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 15:05 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-01 17:56 . 2011-04-17 09:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-04-08 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Jacci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-11-28 142336]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C12F.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-04-16 35584]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2010-04-08 42608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-21 218688]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/02/28 21:02];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 17:43 87536]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2010-04-08 3602432]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 11:43]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 11:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0410&m=aspire_6930g
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4951123C-F3EA-4F04-92DA-F1A3612D76A8} = 156.154.70.22,156.154.71.22
TCP: {DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ntpx762i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 11:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C12F.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1378842129-2140644964-2066464072-1007\Software\SecuROM\License information*]
"datasecu"=hex:b5,eb,e7,9a,73,28,1e,89,21,f2,e4,5d,7d,f5,39,23,ba,42,17,48,ce,
e3,41,4a,65,a6,e7,56,62,89,5f,7e,c4,6e,fa,6b,c0,16,58,05,0c,d3,14,5d,d0,40,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3792)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-05-28 11:42:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-28 10:42
ComboFix2.txt 2011-05-27 15:33
ComboFix3.txt 2011-05-26 16:24
.
Pre-Run: 42,088,808,448 bytes free
Post-Run: 40,970,629,120 bytes free
.
- - End Of File - - 630A9AFAE9F5E07541E619332FCB436B
 
You must log in or register to reply here.
Back
Top