Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5437

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/1/2011 9:22:22 AM
mbam-log-2011-01-01 (09-22-22).txt

Scan type: Quick scan
Objects scanned: 158787
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Michael\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Roaming\scgdfgasfbh.bat (Malware.Trace) -> Quarantined and deleted successfully.

Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:

• Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  
• If you have already asked for help somewhere, please post the link to the topic you were helped.
  
• We try our best to reply quickly, but for any reason we do not reply in two days, do this:
  
  Reply to this topic with the word BUMP.
  
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

---

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

- Both Administrator acconts are now hidden.... Run As Administrator does not have password input box.
Command prompt has same result.
Tried control+alt+delete at splash screen with no result.
Parental Control is on only standard account, with limited program access.
Running in Safe Mode has no results.
I most likely clicked or unclicked a box when exploring different user restrictions for the standard account.
What other way is there to get password input for run as administrator? Or to log in?

I found the solution to my no administrator problem.
http://www.vistax64.com/vista-account-administration/67169-no-administrator-account-2.html
I am barely qualified as a novice and it did work.
Couldn't find a topic here that covered my specific problem.
So this is why I posted that link here.
Hope this can help someone else in the future.

Can you run ComboFix?

ComboFix 11-01-01.01 - MaintAdministrator 01/01/2011 20:05:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.966 [GMT -8:00]
Running from: c:\users\MaintAdministrator\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\iDhOm06300
c:\programdata\iDhOm06300\iDhOm06300
c:\programdata\iDhOm06300\iDhOm06300.exe
c:\users\Michael\AppData\Roaming\install
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.

2011-01-01 22:12 . 2011-01-01 22:37 -------- d-----w- c:\users\MaintAdministrator
2011-01-01 18:23 . 2011-01-01 18:23 -------- d-----w- c:\program files\ERUNT
2011-01-01 17:13 . 2011-01-01 17:13 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-01-01 17:12 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-01 17:12 . 2011-01-01 17:12 -------- d-----w- c:\programdata\Malwarebytes
2011-01-01 17:12 . 2011-01-01 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-01 17:12 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-01 04:57 . 2011-01-01 07:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-31 18:10 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D57A3070-F0EB-40D8-A46D-3E0AF5FA3740}\mpengine.dll
2010-12-25 02:49 . 2010-12-25 02:49 -------- d-----w- c:\users\Public\Family Photos
2010-12-17 23:49 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-17 23:49 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-17 23:49 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-17 23:49 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 23:38 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-17 23:36 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 21:59 . 2010-12-16 22:00 -------- d-----w- c:\programdata\hCgDd06301
2010-12-09 07:17 . 2010-12-09 07:17 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-08 22:57 . 2010-09-02 16:17 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-12-08 22:54 . 2010-12-08 22:54 -------- d-----w- c:\windows\system32\kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-11-15 20:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 05:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-11-14 05:58 3913000 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"AutoLockProcess"="c:\acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2007-04-09 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-1-6 528384]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-07-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-10 79360]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-09-14 3996760]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [2007-04-09 22824]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [2006-11-27 85800]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-09-14 308656]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCSHIELD

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-24 19:22]

2011-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-24 19:22]
.
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\wpclsp.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 20:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-01-01 20:13:45
ComboFix-quarantined-files.txt 2011-01-02 04:13

Pre-Run: 46,951,804,928 bytes free
Post-Run: 46,887,346,176 bytes free

- - End Of File - - F4B00C7786CB0A8256B3288C27D598A7

My McAfee restarted after starting the scan, hope it didn't screw up the results.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Thank you for your help.

I ran the ESET scanner and it had found 1 count of adware. At completion an error message popped up and the computer did a restart???? I cannot find a log file with the name of the Adware in ESET program folders.
I ran another scan and nothing was found.
Would their be a log file under any other extension?

It's ok. Never mind the logfile.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

Everything seems fine thanks to your help. Nothing has popped up. McAfee hasn't found anything, neither has Windows Defender. I am seriously considering another Virus Scanner due to the fact that this is the 3rd virus I've had to deal with running McAfee. (on 3rd computer)
I will recommend this forum to everyone.