Suspected Keylogger - hacked game account


Re: Suspected Keylogger - hacked game account

Post by Junebug » July 29th, 2010, 5:16 pm

Hi, managed it!!

ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d443a16261be194884927aeb87a40e66
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-29 08:39:06
# local_time=2010-07-29 09:39:06 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 389605 389605 0 0
# compatibility_mode=1024 16777215 100 0 21432675 21432675 0 0
# compatibility_mode=5892 16776574 100 95 79546098 117962527 0 0
# compatibility_mode=8192 67108863 100 0 315 315 0 0
# scanned=110691
# found=0
# cleaned=0
# scan_time=6191


RSIT Log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Keri at 2010-07-29 22:13:54
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 11 GB (15%) free of 71 GB
Total RAM: 1976 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:14:25, on 29/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\QtZyEmachine.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Keri\Desktop\RSIT.exe
C:\Program Files\trend micro\Keri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 9&m=emg720
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/firefox?client= ... B:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 9&m=emg720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx? ... 9&m=emg720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZyEmachine.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 7389 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-20 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-07-31 2554680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [2009-07-31 736240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-07-31 2554680]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-21 182808]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-06 6265376]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-11 1033512]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-07 34040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-21 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-21 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-21 145944]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZyEmachine.EXE [2008-06-24 817672]
"eRecoveryService"= []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-24 30192]
"WarReg_PopUp"=C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [2008-05-09 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-15 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-21 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-29 19:50:40 ----D---- C:\Program Files\ESET
2010-07-27 21:21:42 ----ASH---- C:\hiberfil.sys
2010-07-27 20:56:06 ----A---- C:\Windows\ntbtlog.txt
2010-07-26 20:44:47 ----D---- C:\ProgramData\WindowsSearch
2010-07-26 20:22:07 ----D---- C:\Users\Keri\AppData\Roaming\Malwarebytes
2010-07-26 20:21:50 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-26 20:21:49 ----D---- C:\ProgramData\Malwarebytes
2010-07-26 20:21:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-26 20:21:49 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-25 07:41:18 ----D---- C:\Program Files\trend micro
2010-07-25 07:41:16 ----D---- C:\rsit
2010-07-25 07:37:04 ----D---- C:\MGADiagToolOutput
2010-07-15 19:46:57 ----A---- C:\Windows\system32\avgrsstx.dll
2010-07-12 18:12:36 ----D---- C:\Users\Keri\AppData\Roaming\AVG9

======List of files/folders modified in the last 1 months======

2010-07-29 22:13:47 ----D---- C:\Windows\Temp
2010-07-29 19:51:30 ----D---- C:\Windows\Prefetch
2010-07-29 19:50:40 ----RD---- C:\Program Files
2010-07-29 19:32:36 ----D---- C:\Windows\winsxs
2010-07-29 19:31:58 ----SHD---- C:\Windows\Installer
2010-07-29 19:31:58 ----D---- C:\Windows\system32\drivers\Avg
2010-07-29 19:31:58 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-29 19:31:14 ----SHD---- C:\System Volume Information
2010-07-28 20:23:41 ----SD---- C:\ProgramData\Microsoft
2010-07-27 20:56:06 ----D---- C:\Windows
2010-07-26 22:32:14 ----D---- C:\Windows\system32\catroot2
2010-07-26 20:44:47 ----HD---- C:\ProgramData
2010-07-26 20:21:50 ----D---- C:\Windows\system32\drivers
2010-07-25 13:11:49 ----D---- C:\Program Files\Microsoft Office
2010-07-25 13:11:44 ----D---- C:\Program Files\Common Files\System
2010-07-25 13:11:18 ----D---- C:\Windows\System32
2010-07-25 13:11:18 ----D---- C:\Program Files\Common Files
2010-07-18 14:22:44 ----D---- C:\Users\Keri\AppData\Roaming\Spotify
2010-07-17 09:57:12 ----D---- C:\World of Warcraft
2010-07-16 14:44:43 ----D---- C:\Program Files\eMachines GameZone
2010-07-16 14:33:48 ----SD---- C:\Windows\Downloaded Program Files
2010-07-14 19:55:26 ----D---- C:\Windows\system32\catroot
2010-07-14 19:55:23 ----D---- C:\Program Files\Windows Mail
2010-07-02 20:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-07-01 21:39:18 ----D---- C:\Program Files\Mozilla Firefox
2010-06-30 20:20:36 ----D---- C:\ProgramData\Blizzard Entertainment
2010-06-30 20:18:27 ----A---- C:\Windows\WinInit.Ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-21 324120]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-06-11 15392]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-06-26 212992]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-01-23 1187320]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-21 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-06 2164248]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-11 196784]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-10 917504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-21 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-24 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-31 138168]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


Computer seems to be working okay, but I've not been using it much, just really to do this!


J
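The helpers in this thread read the HijackThis section of the log above by eye. As an added example (not part of the thread and not a MalwareRemoval.com tool), here is a small Python triage script for that line format: it parses O1, O2/O3, O4, O20 and O23 entries and flags what a helper checks first: hosts-file overrides, autostarts launched from folders a standard user can write to, bare filenames resolved by search order, AppInit_DLLs injections, and services with no publisher. The sample log is constructed from lines like the ones above plus one fabricated AppData Run entry and one fabricated hosts line so that the checks fire; the folder list and variable expansions are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Folders a legitimate autostart rarely launches from and malware commonly
# does (constructed list for this example, not exhaustive).
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                "\\programdata\\", "\\recycler\\")

# HijackThis prints some environment variables unexpanded; approximate them.
ENV = {"%programfiles%": "C:\\Program Files", "%systemroot%": "C:\\Windows",
       "%windir%": "C:\\Windows"}

# First executable or DLL in a command line, quoted or not.
EXE_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|scr|bat|cmd|vbs|js))\b', re.I)
# O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str    # short reason tag, e.g. "appinit_dlls"
    line: str    # the log line the finding applies to
    detail: str  # what the helper should verify


def expand(path):
    """Expand the few %VAR% prefixes HijackThis prints verbatim."""
    low = path.lower()
    for var, val in ENV.items():
        if low.startswith(var):
            return val + path[len(var):]
    return path


def target_of(cmd):
    """Return the executable/DLL a Run command launches ("" if none found)."""
    m = EXE_RE.match(cmd.strip())
    return expand(m.group(1)) if m else ""


def check_path(path, line):
    """Flag where an autostart target lives, not whether it is 'known bad'."""
    low = path.lower()
    if not path:
        return [Finding("no_target", line, "entry launches nothing; stale or blanked")]
    if any(d in low for d in SUSPECT_DIRS):
        return [Finding("suspect_dir", line, f"{path} runs from a folder a standard user can write to")]
    if "\\" not in path:
        return [Finding("bare_name", line, f"{path} has no path and is resolved by search order; confirm which copy runs")]
    return []


def triage(log_text):
    """Parse HijackThis-style lines and return the entries to examine first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O1 - Hosts:"):
            parts = line[len("O1 - Hosts:"):].split()
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append(Finding("hosts_redirect", line,
                                        f"{parts[1]} is pinned to {parts[0]} in the hosts file"))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            cmd = m.group("cmd") if m else line.split(" = ", 1)[-1]  # startup-folder form
            findings += check_path(target_of(cmd), line)
        elif line.startswith(("O2 - BHO:", "O3 - Toolbar:")):
            findings += check_path(line.rsplit(" - ", 1)[-1], line)
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding("appinit_dlls", line,
                                        "loaded into every process that uses user32.dll; verify the publisher of "
                                        + ", ".join(dlls)))
        elif line.startswith("O23 - Service:"):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                desc, owner, path = parts
                if owner.lower() == "unknown owner":
                    findings.append(Finding("unknown_owner", line,
                                            f"{desc} has no publisher name; check the signature of {path}"))
                findings += check_path(path, line)
    return findings


# Constructed sample in the format of the log above; the second hosts line and
# the AppData Run entry are fabricated so that the checks produce hits.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.update.microsoft.com
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKCU\..\Run: [Updater] C:\Users\Keri\AppData\Roaming\updater.exe
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.detail}\n    {f.line}")
```

Every hit is a "look here first" marker, not a verdict: the AVG and Google AppInit DLLs and the eMachines "Unknown owner" service in the real log were all legitimate, which is exactly what a helper confirms before clearing a machine.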

Re: Suspected Keylogger - hacked game account

Post by DFW » July 30th, 2010, 3:34 am

Hi Junebug

Well done on getting the AVG fix to work. I have checked all your logs and I am pleased to say that I cannot find any malware on board your system, and nothing that would explain how your gamer account was hacked. I am going to help you upgrade your system to SP2, but first update the software below, and we will perform some hard-drive maintenance and repair.





Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall Adobe Reader 9: go to Start > Control Panel > Programs and Features.
    Right click on Adobe Reader 9 and select Remove.
  • Install the newly downloaded, updated software.
Be sure not to remove any paid-for Adobe programs like Adobe Acrobat or Adobe Photoshop that you may have installed.


Now reboot your system before the next part.



Vista Check-Disk:

Please visit this webpage and scroll down to:

METHOD ONE:
Run Check Disk from within Vista


Then follow the instructions through 1 - 10, then reboot your computer and let Check Disk perform its tasks. This may take some time.

Note: Please make sure you do carry out the above as it is vital!




When the above hard-drive maintenance is done, please go to the link below and download this file. It's a large download so it
could take some time; save it to a safe location, and don't try to install it yet.


http://www.microsoft.com/downloads/deta ... laylang=en


When you have done all the above pop back and let me know.

Re: Suspected Keylogger - hacked game account

Post by Junebug » July 30th, 2010, 10:29 am

Hi there DFW,

That's all of the above done, thanks big time for your help :)

J

Re: Suspected Keylogger - hacked game account

Post by DFW » July 30th, 2010, 2:56 pm

Hi Junebug, we are almost done. Follow the steps below; if you can, I would print them out or save them to a text file.


Before we start, back up any important data you have. I know I asked before, but we cannot be too careful.


To re-enable your emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your emulation drivers are now re-enabled; now delete DeFogger from your desktop.




We Need to remove the tools we have used

Please download OTC and save it to desktop.
This tool will remove all the tools (and the logs created) we used to clean your PC. Any left over, simply delete yourself and empty the Recycle Bin.
  • Right click on OTC.exe and select Run as administrator to run the program.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



You need to clear some space on your hard drive if possible. At present you only have 15% free space, so please uninstall all unwanted programs
and delete any unwanted files or data.




Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When done, click Apply >> OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Right click on Computer and select Properties >> System protection.
  • (untick) the Vista C system box and click Turn off system restore, then Apply >> OK.
  • Restart your computer.
  • Navigate back to System protection >> (tick) Vista C system box >> Apply >> OK



Run TFC(Temp File Cleaner)


  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select "Run as administrator" to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.




We need to disable AVG 9.0 Resident Shield:

Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes.


Also make sure any other programs you have running are closed down; we want your system as quiet as we possibly can to install SP2.



Next, locate the SP2 installer (Windows6.0-KB948465-X86.exe) we have already downloaded.

Right-click on Windows6.0-KB948465-X86.exe and select "Run as administrator" to run the update.

On the Welcome to Windows Vista Service Pack 2 page, click Next.

Follow the instructions on your screen. The computer might restart several times during the installation.

After installation is complete, log on to your computer at the Windows logon prompt. You'll receive a message indicating whether the update was successful.

If successful just restart your system one more time.

Now you can reactivate AVG 9.
Open AVG User Interface.
Double-click on the Resident Shield.
Tick the option Resident Shield active.
Save the changes.



Next, visit Windows Update, allow any ActiveX controls/programs to install if prompted, select/click on Express update, and follow all instructions.
Each time your system downloads and installs the updates, revisit the site until there are no more updates to install.

http://www.update.microsoft.com/windows ... x?ln=en-us


Next, once you have installed all updates and your system has rebooted for the last time, you are going to need to defrag your system.



1. Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

2. Click Defragment Now.

Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk;
I would say in your case a few hours, just let it run.





Pop back and let me know all went well.

Re: Suspected Keylogger - hacked game account

Post by Junebug » July 31st, 2010, 8:58 am

Hi DFW,

That's it all done now. Thank you loads for your help, and I'm happy we've done everything to make sure the computer's clean. You're a genius :)


JB

Re: Suspected Keylogger - hacked game account

Post by DFW » July 31st, 2010, 2:31 pm

Hi Junebug,

You're welcome.

Keep in mind that you have just given your system a major update. As you are a little short on disk space, run the fix below in a few days, if you need to.
This will delete all the files that SP2 backed up and then updated, giving you back some hard drive space. I say in a few days because you just need to make sure that
everything is OK and running fine. This takes away the ability to uninstall SP2, but that is not a worry these days, as you just cannot run
Vista with SP1; you are just a target and breeding ground for malware with SP1, and the only option apart from what we have done is a format and reinstall, to install SP2.

To free Space

Click on Windows Vista Start > All Programs > Accessories > Command Prompt, or click Start > Run and type cmd to open a Command Prompt window.

Execute the command by typing Compcln.exe into the run box and press ENTER.

You will be prompted with a question whether to keep Vista SP2 permanently in the system.

Once you type "Y" and press Enter, the system will start performing the Windows components clean.
When finished reboot, and create new restore point.


Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When done, click Apply >> OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Right click on Computer and select Properties >> System protection.
  • (untick) the Vista C system box and click Turn off system restore, then Apply >> OK.
  • Restart your computer.
  • Navigate back to System protection >> (tick) Vista C system box >> Apply >> OK

reboot..

---------------------------------------------------------------------------------------




Here is some extra protection, to help you stay clean.

Keep Malwarebytes' Anti-Malware installed and updated. I would also keep Temp File Cleaner, and run both weekly to keep your system free of clutter.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


WinPatrol <= Download and install the free version of WinPatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software




Visit Microsoft's Windows Update site frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update,
you can use the Secunia Software Inspector; I suggest that you run it at least once a month.


Stay away from any cracked software in any form; it's always infected, as the bad guys use it to circulate their wares.

If you are looking for a good free office program, try this; I've not used it myself, but have heard good things about it.

http://www.openoffice.org/




We are about done here now

Good luck & safe surfing.

DFW

Re: Suspected Keylogger - hacked game account

Post by Dakeyras » August 1st, 2010, 2:54 pm

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.