
Author Topic: how to get rid antivirus 2009  (Read 26338 times)


delgado

    Topic Starter


    Beginner

    Re: how to get rid antivirus 2009
    « Reply #30 on: September 23, 2008, 09:33:57 PM »
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:44 PM, on 9/21/2008
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [\SUE73BA.exe] C:\Windows\SUE73BA.exe
    O4 - HKLM\..\Run: [\SUE7CBF.exe] C:\Windows\SUE7CBF.exe
    O4 - HKLM\..\Run: [\SUE81DD.exe] C:\Windows\SUE81DD.exe
    O4 - HKLM\..\Run: [\SUE85D3.exe] C:\Windows\SUE85D3.exe
    O4 - HKLM\..\Run: [\SUE978F.exe] C:\Windows\SUE978F.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [64813512409585575315790004508932] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - HKCU\..\Run: [\SUE73BA.exe] C:\Windows\SUE73BA.exe
    O4 - HKCU\..\Run: [\SUE7CBF.exe] C:\Windows\SUE7CBF.exe
    O4 - HKCU\..\Run: [\SUE81DD.exe] C:\Windows\SUE81DD.exe
    O4 - HKCU\..\Run: [\SUE85D3.exe] C:\Windows\SUE85D3.exe
    O4 - HKCU\..\Run: [\SUE978F.exe] C:\Windows\SUE978F.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: eNetHook.dll,avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9815 bytes

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: how to get rid antivirus 2009
    « Reply #31 on: September 23, 2008, 09:37:26 PM »
    Go to C:\Program Files\Spyware Doctor and see if you can find an uninstaller in there and uninstall Spyware Doctor. I don't see it listed in the uninstall list.

    ----------

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::

    File::
    C:\Windows\SUE73BA.exe
    C:\Windows\SUE7CBF.exe
    C:\Windows\SUE81DD.exe
    C:\Windows\SUE85D3.exe
    C:\Windows\SUE978F.exe
    C:\Windows\SUE73BA.exe
    C:\Windows\SUE7CBF.exe
    C:\Windows\SUE81DD.exe
    C:\Windows\SUE85D3.exe
    C:\Windows\SUE978F.exe

    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

    ----------

    Do you have your Vista install CD?

    delgado

      Topic Starter


      Beginner

      Re: how to get rid antivirus 2009
      « Reply #32 on: September 23, 2008, 10:08:23 PM »
      Didn't see spydoctor but found Morpheus toolbar hiding in there and deleted it. Downloading ComboFix now.

      delgado

        Topic Starter


        Beginner

        Re: how to get rid antivirus 2009
        « Reply #33 on: September 23, 2008, 11:04:08 PM »
        ComboFix 08-09-22.06 - logan 2008-09-24  0:34:00.1 - NTFSx86
        Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.379 [GMT -4:00]
        Running from: C:\Users\logan\Downloads\ComboFix.exe
        Command switches used :: C:\Users\logan\Desktop\CFScript.txt
         * Created a new restore point

        FILE ::
        C:\Windows\SUE73BA.exe
        C:\Windows\SUE7CBF.exe
        C:\Windows\SUE81DD.exe
        C:\Windows\SUE85D3.exe
        C:\Windows\SUE978F.exe
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Users\logan\AppData\Local\cageaew_navup.dat
        C:\Windows\system32\x64

        .
        (((((((((((((((((((((((((   Files Created from 2008-08-24 to 2008-09-24  )))))))))))))))))))))))))))))))
        .

        2008-09-23 11:16 . 2007-02-21 19:56   49,904   --a------   C:\Windows\System32\drivers\BVRPMPR5.SYS
        2008-09-22 15:11 . 2008-09-22 15:11   <DIR>   d--------   C:\Users\All Users\NortonInstaller
        2008-09-22 15:11 . 2008-09-22 15:11   <DIR>   d--------   C:\ProgramData\NortonInstaller
        2008-09-22 10:19 . 2008-09-22 12:43   <DIR>   d--------   C:\Users\logan\DoctorWeb
        2008-09-21 19:45 . 2008-09-21 19:45   <DIR>   d--------   C:\Program Files\Sun
        2008-09-21 15:36 . 2008-09-21 15:36   <DIR>   d--------   C:\Program Files\Trend Micro
        2008-09-21 15:32 . 2008-09-21 15:32   <DIR>   d--------   C:\Windows\Sun
        2008-09-21 12:46 . 2008-09-23 14:27   <DIR>   d--------   C:\Windows\System32\drivers\Avg
        2008-09-21 12:46 . 2008-09-21 12:46   97,928   --a------   C:\Windows\System32\drivers\avgldx86.sys
        2008-09-21 12:46 . 2008-09-21 12:46   69,128   --a------   C:\Windows\System32\drivers\avgwfpx.sys
        2008-09-21 12:46 . 2008-09-21 12:46   10,520   --a------   C:\Windows\System32\avgrsstx.dll
        2008-09-21 12:36 . 2008-09-21 12:36   <DIR>   d--------   C:\Users\All Users\SUPERAntiSpyware.com
        2008-09-21 12:36 . 2008-09-21 12:36   <DIR>   d--------   C:\ProgramData\SUPERAntiSpyware.com
        2008-09-21 12:35 . 2008-09-21 12:35   <DIR>   d--------   C:\Users\logan\AppData\Roaming\SUPERAntiSpyware.com
        2008-09-21 12:35 . 2008-09-21 12:35   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
        2008-09-21 12:16 . 2008-09-21 12:16   <DIR>   d--------   C:\Program Files\CCleaner
        2008-09-09 15:59 . 2008-07-30 19:47   4,247,552   --a------   C:\Windows\System32\GameUXLegacyGDFs.dll
        2008-09-09 15:59 . 2008-07-30 23:34   1,686,528   --a------   C:\Windows\System32\gameux.dll
        2008-09-09 15:59 . 2008-07-30 23:34   28,160   --a------   C:\Windows\System32\Apphlpdm.dll
        2008-09-09 15:58 . 2008-06-25 23:22   303,616   --a------   C:\Windows\System32\wmpeffects.dll
        2008-08-28 02:37 . 2007-09-02 23:56   1,686,016   --a------   C:\Windows\System32\clinetsuitex6.ocx
        2008-08-28 02:37 . 2004-06-14 17:56   427,864   --a------   C:\Windows\System32\XceedZip.dll
        2008-08-27 21:51 . 2004-03-09 19:45   662,288   --a------   C:\Windows\System32\MSCOMCT2.OCX
        2008-08-26 17:14 . 2008-08-26 17:14   19,200   --a------   C:\Windows\System32\drivers\mxRCycle.sys

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-09-23 18:26   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-09-23 18:26   ---------   d-----w   C:\ProgramData\BVRP Software
        2008-09-22 19:12   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
        2008-09-22 02:58   ---------   d---a-w   C:\ProgramData\TEMP
        2008-09-21 23:43   ---------   d-----w   C:\Program Files\Java
        2008-09-21 19:09   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
        2008-09-21 16:45   ---------   d-----w   C:\ProgramData\avg8
        2008-09-21 16:33   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
        2008-09-21 16:09   ---------   d-----w   C:\ProgramData\Viewpoint
        2008-09-10 07:04   38,528   ----a-w   C:\Windows\system32\drivers\mbamswissarmy.sys
        2008-09-10 07:03   17,200   ----a-w   C:\Windows\system32\drivers\mbam.sys
        2008-08-22 18:00   29,600   ----a-w   C:\Windows\System32\mxntdfg.exe
        2008-08-14 16:21   ---------   d-----w   C:\Program Files\Windows Mail
        2008-08-09 05:37   ---------   d-----w   C:\Users\logan\AppData\Roaming\MySpace
        2008-08-02 03:57   ---------   d-----w   C:\Program Files\Microsoft Windows OneCare Live
        2008-07-31 03:34   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-07-31 03:34   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-07-31 03:34   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-07-31 03:34   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        2008-07-31 02:41   ---------   d-----w   C:\Program Files\Google
        2008-07-30 23:32   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
        2008-07-30 19:05   ---------   d-----w   C:\Users\logan\AppData\Roaming\Malwarebytes
        2008-07-30 19:04   ---------   d-----w   C:\ProgramData\Malwarebytes
        2008-07-30 16:36   ---------   d-----w   C:\Users\logan\AppData\Roaming\Download Manager
        2008-07-30 06:16   ---------   d-----w   C:\Program Files\Enigma Software Group
        2008-07-30 00:11   ---------   d-----w   C:\Users\logan\AppData\Roaming\Avanquest
        2008-07-30 00:11   ---------   d-----w   C:\ProgramData\Avanquest
        2008-07-30 00:09   ---------   d-----w   C:\ProgramData\CyberLink
        2008-07-30 00:01   ---------   d-----w   C:\ProgramData\Spybot - Search & Destroy
        2008-07-29 20:21   ---------   d-----w   C:\Program Files\Avanquest
        2008-07-29 03:33   ---------   d-----w   C:\Program Files\Acer GameZone
        2008-07-19 05:10   53,448   ----a-w   C:\Windows\System32\wuauclt.exe
        2008-07-19 05:10   45,768   ----a-w   C:\Windows\System32\wups2.dll
        2008-07-19 05:10   36,552   ----a-w   C:\Windows\System32\wups.dll
        2008-07-19 05:09   563,912   ----a-w   C:\Windows\System32\wuapi.dll
        2008-07-19 05:09   1,811,656   ----a-w   C:\Windows\System32\wuaueng.dll
        2008-07-19 05:08   163,904   ----a-w   C:\Windows\System32\wuwebv.dll
        2008-07-19 03:44   83,456   ----a-w   C:\Windows\System32\wudriver.dll
        2008-07-19 03:44   31,232   ----a-w   C:\Windows\System32\wuapp.exe
        2008-07-19 03:44   1,524,736   ----a-w   C:\Windows\System32\wucltux.dll
        2008-07-15 23:48   2,048   ----a-w   C:\Windows\System32\tzres.dll
        2008-07-10 17:13   174   --sha-w   C:\Program Files\desktop.ini
        2008-06-27 03:54   826,368   ----a-w   C:\Windows\System32\wininet.dll
        2008-06-27 03:54   56,320   ----a-w   C:\Windows\System32\iesetup.dll
        2008-06-27 03:54   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-06-27 03:54   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-06-26 00:34   7,964,672   ----a-w   C:\Windows\System32\NlsLexicons0024.dll
        2008-06-26 00:33   9,892,864   ----a-w   C:\Windows\System32\NlsLexicons000a.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
        "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-30 171448]
        "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
        "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
        "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
        "Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
        "Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 1261568]
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 286720]
        "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 141848]
        "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 166424]
        "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 133656]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
        "VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
        "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-21 1235736]
        "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
        "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 C:\Windows\RtHDVCpl.exe]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-03 535336]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-07-23 19:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=avgrsstx.dll eNetHook.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "UacDisableNotify"=dword:00000001
        "InternetSettingsDisableNotify"=dword:00000001
        "AutoUpdateDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "DoNotAllowExceptions"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{35E1504D-0C3D-4D91-A511-B7B221F76B97}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire 4.13.4
        "{DC800F1B-8AA6-44D8-86A9-53ECB87BA070}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire 4.13.4
        "{53D05FE2-1A08-4A0F-857E-C9683D4E147C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
        "{D443ADAE-32CC-49FE-8956-ABD796E68EF0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
        "{5B4EE116-1030-43EE-BF46-A6D02A97AB5E}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
        "{FCA82B38-FD2D-4107-B1AF-A54572EADA40}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
        "{D36AFAE5-E0E9-4F2B-9902-BE77772F9C2C}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
        "{142BBA8E-8FC0-4B8B-B228-C1C705B8FEA6}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
        "{C8F9504C-48AB-4FC2-A43D-11DBF4205506}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
        "{8A520869-B294-42F2-BF00-E08DDE3B45F7}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
        "{7DFCFC22-520E-483C-B22B-F72E58FEA2E8}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
        "{102650FA-50AC-46CF-B01F-D296F08B5A1B}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
        "TCP Query User{D05D548F-3880-49B2-A709-A41373E47C35}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
        "UDP Query User{023572A0-541D-40C9-9451-38C553260CB4}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
        "TCP Query User{7B5B36E2-C1AE-465F-BEC9-BDC01F763295}C:\\program files\\avanquest\\fix-it\\fix-it.exe"= UDP:C:\program files\avanquest\fix-it\fix-it.exe:Fix-It Utilities 8 Professional
        "UDP Query User{4F07F327-ACBA-430F-ADB5-089D929AE211}C:\\program files\\avanquest\\fix-it\\fix-it.exe"= TCP:C:\program files\avanquest\fix-it\fix-it.exe:Fix-It Utilities 8 Professional

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "DoNotAllowExceptions"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "DoNotAllowExceptions"= 0 (0x0)

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-21 97928]
        R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-21 69128]
        R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
        bthsvcs   REG_MULTI_SZ      BthServ
        .
        - - - - ORPHANS REMOVED - - - -

        WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
        WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
        HKCU-Run-Acer Tour Reminder - (no file)



        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-09-24 00:42:20
        Windows 6.0.6000  NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Windows\System32\audiodg.exe
        C:\Windows\System32\agrsmsvc.exe
        C:\Acer\ALaunch\ALaunchSvc.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
        C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
        C:\Acer\Empowering Technology\eNet\eNet Service.exe
        C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\Common Files\Motive\McciCMService.exe
        C:\Acer\Mobility Center\MobilityService.exe
        C:\Windows\System32\drivers\XAudio.exe
        C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
        C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
        C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
        C:\Windows\System32\wbem\unsecapp.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\PROGRA~1\AVG\AVG8\avgemc.exe
        C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
        C:\Program Files\Launch Manager\LManager.exe
        C:\Program Files\AVG\AVG8\avgtray.exe
        C:\Windows\System32\igfxsrvc.exe
        C:\Users\logan\AppData\Local\Temp\RtkBtMnt.exe
        C:\Windows\System32\igfxext.exe
        C:\Windows\System32\igfxsrvc.exe
        C:\Acer\Empowering Technology\eNet\eNMTray.exe
        C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
        C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
        C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
        C:\Program Files\Apoint2K\ApMsgFwd.exe
        C:\Program Files\Apoint2K\ApntEx.exe
        C:\Windows\System32\lpremove.exe
        C:\Windows\System32\lpksetup.exe
        C:\Windows\servicing\TrustedInstaller.exe
        .
        **************************************************************************
        .
        Completion time: 2008-09-24  0:59:58 - machine was rebooted [logan]
        ComboFix-quarantined-files.txt  2008-09-24 04:58:48

        Pre-Run: 459,603,968 bytes free
        Post-Run: 59,523,072 bytes free

        234   --- E O F ---   2008-09-18 20:50:07
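One way to cross-check the logs in this thread, added here as an example (not part of the original posts and not code from HijackThis or ComboFix): it compares the Run-key autostart entries in the HijackThis log with the Run keys in ComboFix's "Reg Loading Points" section and with the File:: list in CFScript.txt. The sample inputs are a few lines copied from the logs above; the function names and status labels are assumptions made for the example.

```python
import re

# Constructed samples: a handful of lines copied from the logs in this thread.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [\SUE73BA.exe] C:\Windows\SUE73BA.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [64813512409585575315790004508932] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [\SUE73BA.exe] C:\Windows\SUE73BA.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

COMBOFIX_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-21 1235736]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"""

CFSCRIPT = r"""
KillAll::

File::
C:\Windows\SUE73BA.exe
C:\Windows\SUE7CBF.exe
C:\Windows\SUE73BA.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
CF_VALUE_RE = re.compile(r'^"([^"]+)"="?([^"]*)')
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
HIVES = {"hkey_local_machine": "HKLM", "hkey_current_user": "HKCU"}


def parse_hjt_run(text):
    """(hive, value name, command) for each HKLM/HKCU Run line of a HijackThis log.
    Per-SID HKUS lines are skipped because ComboFix's section has no counterpart."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def parse_combofix_run(text):
    """(hive, value name, data) for values listed under the Run keys only."""
    entries, hive = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            root = key.split("\\", 1)[0]
            hive = HIVES.get(root) if key.endswith(RUN_SUFFIX) else None
        elif hive:
            m = CF_VALUE_RE.match(line)
            if m:
                entries.append((hive, m.group(1), m.group(2)))
    return entries


def parse_cfscript_files(text):
    """Lower-cased, de-duplicated paths listed under the File:: directive."""
    files, in_files = set(), False
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\w+::", line):
            in_files = line.lower() == "file::"
        elif in_files and line:
            files.add(line.lower())
    return files


def triage(hjt_text, combofix_text, cfscript_text):
    """Map each earlier Run entry to a status.
    still_present      - the same hive/value name is listed after the run
    scripted_removal   - not listed, and its command points at a File:: target
    absent_unexplained - not listed and not scripted; ComboFix does not show
                         "empty entries & legit default entries", so this is
                         not proof of removal and needs a fresh scan to confirm
    """
    after = {(h, n.lower()) for h, n, _ in parse_combofix_run(combofix_text)}
    scripted = parse_cfscript_files(cfscript_text)
    result = {}
    for hive, name, cmd in parse_hjt_run(hjt_text):
        if (hive, name.lower()) in after:
            status = "still_present"
        elif any(path in cmd.lower() for path in scripted):
            status = "scripted_removal"
        else:
            status = "absent_unexplained"
        result[(hive, name)] = status
    return result


if __name__ == "__main__":
    for (hive, name), status in triage(HJT_BEFORE, COMBOFIX_AFTER, CFSCRIPT).items():
        print(f"{status:20} {hive}\\..\\Run [{name}]")
```

An `absent_unexplained` result is a prompt to take a fresh HijackThis scan rather than a finding, because the two logs here were taken days apart and other removal tools were run in between.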

        delgado

          Topic Starter


          Beginner

          Re: how to get rid antivirus 2009
          « Reply #34 on: September 23, 2008, 11:12:37 PM »
          Thanks for being patient with me. Here's a new hjt scan:
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:36:44 PM, on 9/21/2008
          Platform: Windows Vista  (WinNT 6.00.1904)
          MSIE: Internet Explorer v7.00 (7.00.6000.16711)
          Boot mode: Safe mode with network support

          Running processes:
          C:\Windows\System32\smss.exe
          C:\Windows\system32\csrss.exe
          C:\Windows\system32\csrss.exe
          C:\Windows\system32\wininit.exe
          C:\Windows\system32\winlogon.exe
          C:\Windows\system32\services.exe
          C:\Windows\system32\lsass.exe
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\system32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          C:\Windows\Explorer.EXE
          C:\Windows\system32\svchost.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\Program Files\Windows Media Player\wmpnscfg.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\Windows\system32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O1 - Hosts: ::1 localhost
          O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
          O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
          O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
          O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
          O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
          O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
          O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
          O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
          O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
          O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
          O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKLM\..\Run: [\SUE73BA.exe] C:\Windows\SUE73BA.exe
          O4 - HKLM\..\Run: [\SUE7CBF.exe] C:\Windows\SUE7CBF.exe
          O4 - HKLM\..\Run: [\SUE81DD.exe] C:\Windows\SUE81DD.exe
          O4 - HKLM\..\Run: [\SUE85D3.exe] C:\Windows\SUE85D3.exe
          O4 - HKLM\..\Run: [\SUE978F.exe] C:\Windows\SUE978F.exe
          O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [64813512409585575315790004508932] C:\Program Files\Antivirus 2009\av2009.exe
          O4 - HKCU\..\Run: [\SUE73BA.exe] C:\Windows\SUE73BA.exe
          O4 - HKCU\..\Run: [\SUE7CBF.exe] C:\Windows\SUE7CBF.exe
          O4 - HKCU\..\Run: [\SUE81DD.exe] C:\Windows\SUE81DD.exe
          O4 - HKCU\..\Run: [\SUE85D3.exe] C:\Windows\SUE85D3.exe
          O4 - HKCU\..\Run: [\SUE978F.exe] C:\Windows\SUE978F.exe
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
          O4 - Global Startup: Empowering Technology Launcher.lnk = ?
          O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
          O13 - Gopher Prefix:
          O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
          O20 - AppInit_DLLs: eNetHook.dll,avgrsstx.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
          O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
          O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
          O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
          O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
          O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
          O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
          O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
          O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
          O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
          O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
          O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

          --
          End of file - 9815 bytes

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: how to get rid antivirus 2009
          « Reply #35 on: September 23, 2008, 11:17:21 PM »
          Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

          Go to Start > Run and type notepad.exe then click OK

          Copy and paste the below into Notepad and save as fixme.reg to your Desktop

          Code:
          REGEDIT4

          [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

          Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

          Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.


          Delete the fixme.reg from the Desktop.

          Try to boot into Normal mode.
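
A .reg file merges silently once you answer Yes, so it helps to list exactly what it will change first. The sketch below is an added example, not part of the original post: it parses the fixme.reg text from the reply above and reports each operation; the second sample file and the function names are constructed for illustration.

```python
import re

# The fix file from the post above, reproduced as-is.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
"""

# Constructed sample (not from the thread) covering the other operation kinds.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; hypothetical vendor key
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Keep"="1"
"Old"=-
@="default text"
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_LINE = re.compile(r"\[(-?)(.+)\]")
VALUE_LINE = re.compile(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)')

def audit_reg(text):
    """List every change a .reg file makes as (operation, key, value_name)."""
    # Join hex data continued over several lines with a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        m = KEY_LINE.fullmatch(ln)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            ops.append(("DELETE_KEY" if deleting else "CREATE_OR_OPEN_KEY", key, None))
            if deleting:
                key = None  # a deleted key takes no value lines
            continue
        m = VALUE_LINE.match(ln)
        if m is None or key is None:
            raise ValueError(f"unrecognised line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        ops.append(("DELETE_VALUE" if m.group(2) == "-" else "SET_VALUE", key, name))
    return ops

def deletions(text):
    """Only the destructive operations, the ones to read twice before merging."""
    return [op for op in audit_reg(text) if op[0].startswith("DELETE")]
```

For the fix above, the audit reports a single operation: deletion of the Wdf01000.sys subkey under SafeBoot\Minimal, and nothing else.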

          evilfantasy

          Re: how to get rid antivirus 2009
          « Reply #36 on: September 23, 2008, 11:18:40 PM »
          Do you have your Vista install disk?

          delgado


            Re: how to get rid antivirus 2009
            « Reply #37 on: September 23, 2008, 11:23:09 PM »
            yes gotta find it right quick

            delgado


              Re: how to get rid antivirus 2009
              « Reply #38 on: September 23, 2008, 11:26:41 PM »
              k got it what's next?

              evilfantasy

              Re: how to get rid antivirus 2009
              « Reply #39 on: September 23, 2008, 11:42:21 PM »
              Follow this guide. It isn't a reinstall it is only a repair.

              How To Perform a Repair Installation For Vista

              delgado


                Re: how to get rid antivirus 2009
                « Reply #40 on: September 23, 2008, 11:58:43 PM »
                put disc in nothing happens

                delgado


                  Re: how to get rid antivirus 2009
                  « Reply #41 on: September 24, 2008, 12:11:06 AM »
                  missed the (REGEDIT4

                  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]) registry merge, just ran it and it was a success

                  evilfantasy

                  Re: how to get rid antivirus 2009
                  « Reply #42 on: September 24, 2008, 12:13:11 AM »
                  Can you boot into Normal mode now?

                  I have asked someone else to help with advice on the repair install. It might take them a bit to get to this thread but shouldn't be too long.

                  evilfantasy

                  Re: how to get rid antivirus 2009
                  « Reply #43 on: September 24, 2008, 01:02:48 AM »
                  Also try this.

                  Press the Start/Windows key, type msconfig and hit Enter. Under the Boot tab, uncheck Safe boot as a boot option.

                  Restart the computer and see if you can get into Normal mode.

                  delgado


                    Re: how to get rid antivirus 2009
                    « Reply #44 on: September 24, 2008, 05:17:21 AM »
                    safe boot is not checked here