WiredWX Christian Hobby Weather Tools

Lingering bugs from Windows Antivirus Pro and Police Pro

5 posters

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Yes, the protection system started after trying to install the links above. The only problem I had was a box popping up saying that 'the host process for windows services has stopped working'. After trying to install the links above, I ended up with this system protection and the porn sites on the desktop, and I can't open anything that has to do with security.
Would you know what the individual files are associated with the system protection bug? Maybe I can delete them manually.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
I found a list of the files associated with the system protection and I cannot delete wscvc32.exe or find ntoskrnl-hook. Any ideas?
I think that until I can get rid of the exe file, I'm going to continue having these problems of porn sites, not being able to open my security or scan software.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
I was wondering if I should uninstall Malwarebytes and then reinstall it, because I cannot run it as of right now.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
I uninstalled Malwarebytes and reinstalled it, and it crashes when I try to run it. Help please.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
I'll give it a shot. I have to right click on everything and run it as administrator.
I was looking through the pc last night because I couldn't delete the wscvc.exe file, and I was wondering if when in the properties dialog box, if the fact that there isn't an owner of the program listed and no permissions are granted, if that is why I can't delete it.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
I would let it be until we see if it's infected or not.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Here is the system look log file, that took a long time:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:42 on 06/09/2009 by Specter (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [07:53 11/04/2009] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\System32\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61

Searching for "netlogon.dll"
C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [07:55 11/04/2009] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\System32\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B

Searching for "eventlog.dll"
No files found.

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-
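
An added example (not part of the original posts, and not SystemLook's own code): a Python sketch that parses a `:filefind` log like the one above and reports, per file name, whether the copy in `C:\Windows\System32` has the same MD5 as a copy under `C:\Windows\winsxs`. The comparison rule, the verdict labels and the function names are assumptions made for illustration; the `example.dll` entries are constructed.

```python
import re

# Sample in the :filefind format of the log above. The scecli.dll,
# eventlog.dll and cngaudit.dll entries are copied from that log;
# "example.dll", its paths and its hashes are constructed to show a mismatch.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61

Searching for "eventlog.dll"
No files found.

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

Searching for "example.dll"
C:\Windows\System32\example.dll --a--- 20480 bytes [08:43 02/11/2006] [10:15 05/09/2009] 00000000000000000000000000000001
C:\Windows\winsxs\x86_example_constructed\example.dll --a--- 20480 bytes [08:43 02/11/2006] [09:46 02/11/2006] 00000000000000000000000000000002

-=End Of File=-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# <path> <attributes> <size> bytes [timestamp] [timestamp] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return {searched name: [(path, size, md5), ...]} in log order."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SEARCH_RE.match(line)
        if header:
            current = header.group("name").lower()
            results[current] = []
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            results[current].append(
                (entry.group("path"), int(entry.group("size")),
                 entry.group("md5").upper())
            )
    return results


def verdict(entries):
    """Compare the System32 copy's MD5 with the MD5s of the winsxs copies."""
    if not entries:
        return "not-found"            # "No files found." in the log
    active = {md5 for path, _, md5 in entries if "\\system32\\" in path.lower()}
    store = {md5 for path, _, md5 in entries if "\\winsxs\\" in path.lower()}
    if not active:
        return "no-system32-copy"
    if not store:
        return "no-reference"         # nothing to compare against
    return "match" if active <= store else "mismatch"


def triage(text):
    """Map each searched file name to its verdict."""
    return {name: verdict(entries)
            for name, entries in parse_filefind(text).items()}


if __name__ == "__main__":
    for name, result in triage(SAMPLE_LOG).items():
        print(f"{name:15} {result}")
```

A match only shows that the active copy equals a component-store copy, and a mismatch can also come from a legitimate update, so either result is a starting point for review rather than a conclusion.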

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro
It says it will only run on a pc that has a 32bit version of Windows. Now what do I do? I could have sworn my pc's Windows version is a 32bit.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
And I can't shut off my antivirus software as this virus won't let me get to them.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
You are running a 32bit operating system. Hmm, that's weird; see if you can do this instead:

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro
So, I'm doing the scan right now, and it has been on 5% for 11 minutes now. Is it supposed to take this long or is it stuck? The total scan time is still counting, so I was just wondering.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
A box popped up saying it had quit working at 23 minutes and no log txt file was saved to my pc. Help please.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Hello.
Are you able to run a scan with McAfee?

............................................................................................

Site Admin / Security Administrator


Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Yes, the last time I ran the scan, it only found 2 and that was yesterday. I don't think McAfee can find it, but I will try again.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
I think if I could figure out how to run Malwarebytes, it would help. Is there a backdoor way to get it to run?
I have tried uninstalling it, installing it, renaming it, saving it on a flash drive and then sending it to the desktop to install. This morning I put the installer in the startup folder hoping it would start and run upon startup, no such luck.
As of today, in order to open anything, I have to right click and run as administrator. I still can't get into my security center, it is saying a dll file is missing, and Malwarebytes crashes before it even starts.

The only good thing is I'm not getting any more fake security alerts and the porn sites have not popped up yet, but it is still early.
I'm going to try and run HiJackThis and if it works I will post the log here.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
These are the ones I have questions about:
02 BHO (no name)
02 BHO Browser address error redirector
013 Gopher prefix
023 PrismXL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:31 PM, on 9/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.trafficswarm.com/cgi-bin/swarm.cgi?

704834&2d68374132e7e862d4931143b094c5cf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows

Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program

Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program

Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} -

C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-

76C02E2E7C4E} - C:\Program Files\Google\Google

Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-

A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}

- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} -

C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} -

C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6

\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program

Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe"

/runkey
O4 - HKLM\..\Run: [B40750EF1C79949C] \\?\globalroot\systemroot\system32

\B40750EF1C79949C.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"

/background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon

Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

/detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride

Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

/detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride

Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride

Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - Startup: mbam-setup.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program

Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -

http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program

Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3

-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -

http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -

file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%

20Angeles/Images/stg_drm.ocx
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} -

http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstalle

r.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) -

http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) -

http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) -

http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/w

in/QuickTimeInstaller.exe
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) -

http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -

http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) -

http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.

cab?1251411638447
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} (QuickBooks Online Edition

Import Utilities Class v6) -

https://accounting.quickbooks.com/c1/v21.123/qboimax6.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -

http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition

Utilities Class v10) - https://accounting.quickbooks.com/c1/v21.123/qboax10.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -

http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) -

http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant

2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} (Clue Control) -

http://www.worldwinner.com/games/v59/clue/clue.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) -

http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) -

http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -

file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator)

- http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) -

http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program

Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program

Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program

Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google

Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin

Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1

\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1

\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1

\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -

C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program

Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking

Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division

Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner -

C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32

\DRIVERS\xaudio.exe

--
End of file - 14648 bytes
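
An added example, not part of the original posts and not HijackThis's own logic: a Python sketch that reads HijackThis entries, one per line (a log saved with Word Wrap off), and marks the ones worth a closer look. The four rules and their labels are assumptions chosen for illustration, and a flag is a prompt to investigate, not a verdict; the sample lines are taken from the log above and rejoined to one entry per line.

```python
import re

# Lines taken from the log posted above, rejoined to one entry per line.
SAMPLE_LOG = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [B40750EF1C79949C] \\?\globalroot\systemroot\system32\B40750EF1C79949C.exe
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry Run entries: "<key>\Run: [value name] <command line>"
RUN_RE = re.compile(r"^(?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HEX16_RE = re.compile(r"[0-9A-Fa-f]{16}")


def flag_entry(code, body):
    """Return the list of review reasons for one entry (empty if none)."""
    reasons = []
    lowered = body.lower()
    # Rule 1: the registry entry points at a file HijackThis could not find.
    if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
        reasons.append("missing-target")
    # Rule 2: a service whose binary carries no company name.
    if code == "O23" and " - unknown owner - " in lowered:
        reasons.append("unknown-owner")
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            cmd = run.group("cmd").strip('"').lower()
            # Rule 3: autostart command given as a \\?\globalroot\ path
            # instead of an ordinary drive-letter path.
            if cmd.startswith("\\\\?\\globalroot\\"):
                reasons.append("globalroot-path")
            # Rule 4: value name that is nothing but 16 hex digits.
            if HEX16_RE.fullmatch(run.group("name")):
                reasons.append("hex-name")
    return reasons


def triage(text):
    """Return [(code, body, reasons)] for every entry with at least one flag."""
    flagged = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        reasons = flag_entry(match.group("code"), match.group("body"))
        if reasons:
            flagged.append((match.group("code"), match.group("body"), reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {','.join(reasons):28} {body}")
```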

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Hello.
I can barely read that. Please turn Word Wrap off.

See this image:
[image]

Post a new log with Word Wrap off.

............................................................................................

Site Admin / Security Administrator


Re: Lingering bugs from Windows Antivirus Pro and Police Pro
These are the ones I have questions about:
02 BHO (no name)
02 BHO Browser address error redirector
013 Gopher prefix
023 PrismXL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:31 PM, on 9/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficswarm.com/cgi-bin/swarm.cgi?704834&2d68374132e7e862d4931143b094c5cf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [B40750EF1C79949C] \\?\globalroot\systemroot\system32\B40750EF1C79949C.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - Startup: mbam-setup.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/stg_drm.ocx
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251411638447
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} (QuickBooks Online Edition Import Utilities Class v6) - https://accounting.quickbooks.com/c1/v21.123/qboimax6.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c1/v21.123/qboax10.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} (Clue Control) - http://www.worldwinner.com/games/v59/clue/clue.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14648 bytes

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Hello.

O2 BHO (no name)
O2 BHO Browser address error redirector

Both of them are empty items within the registry; you can fix them.

O13 Gopher prefix

It is part of Vista; you can't remove it anyhow, it just re-appears.

O23 PrismXL

This one is more interesting. If you look at the line in HJT, you can see the company name. Their website here:
http://www.newboundary.com/


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)


  • Press "Fix Checked"
  • Close HijackThis.

Next,

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight Ask Toolbar
  • Click on the Uninstall/Change button at the top.

Did you run MBAM? If so, please post the log.

If not, please try running it now.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
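An added example (not part of the thread and not HijackThis code): a Python triage of the kind of HijackThis lines discussed in the reply above. It flags every entry ending in "(no file)" or "(file missing)", which includes the three O2 lines the reply lists, flags entries whose path uses the `\\?\globalroot` prefix (treating that prefix as worth review is this example's assumption), and pulls the company name out of O23 lines. The sample lines are copied from the log posted in this thread; the function and rule names are hypothetical.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [B40750EF1C79949C] \\?\globalroot\systemroot\system32\B40750EF1C79949C.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O23 body: "Service: <name> - <owner> - <drive:\path>"; the path may itself
# contain " - " (Spybot), so the path is anchored on the drive letter.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption of this example: a path under this prefix deserves a closer look.
GLOBALROOT = r"\\?\globalroot"


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # "orphaned", "file-missing" or "globalroot-path"
    clsid: str   # CLSID named in the entry, or "" if it has none
    line: str    # the original log line


def triage(log_text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or "End of file" trailer
        code, body = m["code"], m["body"]
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0) if clsid_m else ""
        if body.endswith("(no file)"):
            # Registry entry that points at nothing on disk.
            findings.append(Finding(code, "orphaned", clsid, line))
        elif body.endswith("(file missing)"):
            findings.append(Finding(code, "file-missing", clsid, line))
        elif GLOBALROOT in body.lower():
            findings.append(Finding(code, "globalroot-path", clsid, line))
    return findings


def service_owners(log_text):
    """Map each O23 service name to the company name shown on its line."""
    owners = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m and m["code"] == "O23":
            s = SERVICE_RE.match(m["body"])
            if s:
                owners[s["name"]] = s["owner"]
    return owners


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:16} {f.line}")
    print(service_owners(SAMPLE_LOG)["PrismXL"])
```
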

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Ok, did what you said, and I can't run MBAM, it crashes and says this:

Problem signature:
Problem Event Name: APPCRASH
Application Name: mbam.exe
Application Version: 1.40.0.0
Application Timestamp: 4a74a456
Fault Module Name: mbam.exe
Fault Module Version: 1.40.0.0
Fault Module Timestamp: 4a74a456
Exception Code: 80000003
Exception Offset: 00002fd0
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 62f3
Additional Information 2: c9d4c40a680b669dba468f72ec73b8fc
Additional Information 3: cd57
Additional Information 4: edd70c8330e9977f731b260694264aae

I have tried different ways to try and get it to run, and it does not work. I've also tried to run Kaspersky and ESET scanners and they don't work either.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Ok, let's see if this works. I can't post the log, but maybe this will post.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
GMER 1.0.15.15077 [r202sxgy.exe] - http://www.gmer.net
Rootkit scan 2009-09-07 20:29:05
Windows 6.0.6000


---- System - GMER 1.0.15 ----

Code 84D41838 ZwEnumerateKey
Code 84D5BF98 ZwFlushInstructionCache
Code 84A70D25 IofCallDriver
Code 84D5D3D6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82427F37 5 Bytes JMP 84A70D2A
.text ntkrnlpa.exe!IofCompleteRequest 82427FA4 5 Bytes JMP 84D5D3DB
PAGE ntkrnlpa.exe!ZwEnumerateKey 82537F06 5 Bytes JMP 84D4183C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 825E849F 5 Bytes JMP 84D5BF9C
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 86882ACF 5 Bytes JMP 84A70550
? System32\Drivers\an7gmgeg.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8072B604] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8072AABA] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8072B72E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8072AB82] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8072AC00] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8073DA9A] \SystemRoot\System32\Drivers\sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83F661D8
Device \FileSystem\fastfat \FatCdrom 84E411D8
Device \Driver\volmgr \Device\VolMgrControl 83B441D8
Device \Driver\00000457 \Device\00000050 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 84A721D8
Device \Driver\usbuhci \Device\USBPDO-1 84A721D8
Device \Driver\usbuhci \Device\USBPDO-2 84A721D8
Device \Driver\usbuhci \Device\USBPDO-3 84A721D8
Device \Driver\usbehci \Device\USBPDO-4 84A75980
Device \Driver\volmgr \Device\HarddiskVolume1 83B441D8
Device \Driver\volmgr \Device\HarddiskVolume2 83B441D8
Device \Driver\volmgr \Device\HarddiskVolume3 83B441D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83F651D8
Device \Driver\atapi \Device\Ide\IdePort0 83F651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 83F651D8
Device \Driver\atapi \Device\Ide\IdePort1 83F651D8
Device \Driver\atapi \Device\Ide\IdePort2 83F651D8
Device \Driver\atapi \Device\Ide\IdePort3 83F651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 83F651D8
Device \Driver\USBSTOR \Device\00000066 84D611D8
Device \Driver\volmgr \Device\HarddiskVolume4 83B441D8
Device \Driver\USBSTOR \Device\00000067 84D611D8
Device \Driver\USBSTOR \Device\00000069 84D611D8
Device \Driver\USBSTOR \Device\0000006a 84D611D8
Device \Driver\USBSTOR \Device\0000006b 84D611D8
Device \Driver\usbuhci \Device\USBFDO-0 84A721D8
Device \Driver\USBSTOR \Device\0000006c 84D611D8
Device \Driver\USBSTOR \Device\0000006d 84D611D8
Device \Driver\usbuhci \Device\USBFDO-1 84A721D8
Device \Driver\usbuhci \Device\USBFDO-2 84A721D8
Device \Driver\usbuhci \Device\USBFDO-3 84A721D8
Device \Driver\usbehci \Device\USBFDO-4 84A75980
Device \Driver\VClone \Device\Scsi\VClone1 83F641D8
Device \Driver\VClone \Device\Scsi\VClone1Port0Path0Target0Lun0 83F641D8
Device \Driver\an7gmgeg \Device\Scsi\an7gmgeg1 84BB4880
Device \FileSystem\fastfat \Fat 84E411D8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [736] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [828] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [856] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [908] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\kbiwkmycwrtlmj.sys (*** hidden *** ) [SYSTEM] kbiwkmcxvdnpgy <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\kbiwkmpdljgpcy.sys (*** hidden *** ) [SYSTEM] kbiwkmvpsbcrra <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\UACpxbaewqipu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmfrofusnf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main@aid 10081
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmswcpxxdk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmwysdngkk.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmcvvcdrid.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkm.dat \systemroot\system32\kbiwkmjamyrajd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0xD8 0x9A 0x41 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8E 0xAF 0x7F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xDE 0xAF 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmfrofusnf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main@aid 10081
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmswcpxxdk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmwysdngkk.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmcvvcdrid.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkm.dat \systemroot\system32\kbiwkmjamyrajd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -40325308
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1539431237
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0xD8 0x9A 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8E 0xAF 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xDE 0xAF 0xE8 ...

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwmpfsmvbnv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvagjoxextr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACppypijkvdw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsbcplgasti.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmfrofusnf.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main@aid 10081
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main@sid 0
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmswcpxxdk.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmwysdngkk.dat
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmcvvcdrid.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkm.dat \systemroot\system32\kbiwkmjamyrajd.dat

Re: Lingering bugs from Windows Antivirus Pro and Police Pro
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0xD8 0x9A 0x41 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8E 0xAF 0x7F ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xDE 0xAF 0xE8 ...
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwmpfsmvbnv.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvagjoxextr.dat
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACppypijkvdw.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsbcplgasti.dll

---- Files - GMER 1.0.15 ----

File C:\perflogs\System\Diagnostics\20090426-0002\UAC Settings.xml 1571 bytes
File C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\UACmd.exe 39776 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac1a26.tmp 49152 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac2250.tmp 31232 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac275f.tmp 44032 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac364d.tmp 53248 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac3eb6.tmp 2535424 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac5947.tmp 2005140 bytes
File C:\Users\Specter\AppData\Local\Temp\uac9e23.tmp 3478520 bytes
File C:\Users\Specter\AppData\Local\Temp\nscE67F.tmp\uac.dll 16896 bytes executable
File C:\Users\Specter\AppData\Local\Temp\nsk358F.tmp\uac.dll 16896 bytes executable
File C:\Users\Specter\AppData\Local\Temp\nsu3669.tmp\uac.dll 16896 bytes executable

---- EOF - GMER 1.0.15 ----

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Geez, that's a long log file. I was having problems posting it because it was so big. I had to do it in parts.
Is this everything that is wrong with my pc, all the malware, or is it a log of everything that got scanned?

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to disable:
kbiwkmcxvdnpgy
kbiwkmvpsbcrra
UACd.sys

Drivers to delete:
kbiwkmcxvdnpgy
kbiwkmvpsbcrra
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\kbiwkmycwrtlmj.sys
C:\WINDOWS\system32\drivers\kbiwkmpdljgpcy.sys
C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy
HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra
HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy
HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra
HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy
HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra
HKLM\SYSTEM\ControlSet009\Services\UACd.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

I am going to have to save it to my flash drive, send it to my desktop and open it from there. That is the only way I am able to download anything, and most of the time I have to do it twice.
So I am hoping that this problem I am having with having to right click and run as admin to open things will cease. I'm also figuring out that when I open an email to read it, and then try to close the box, it won't close. I am so praying that this will fix my problems. I am an online college student in my bachelor's degree program right now, and it is annoying when I can't even open a word window.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Tue Sep 08 15:22:43 2009

15:21:43: Warning: Skipping potentially dangerous line:
"HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra" (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "adxiu3m1" found!
Could not open driver adxiu3m1 for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

Driver "kbiwkmcxvdnpgy" disabled successfully.
Driver "kbiwkmvpsbcrra" disabled successfully.
Disablement of driver "UACd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Driver "kbiwkmcxvdnpgy" deleted successfully.
Driver "kbiwkmvpsbcrra" deleted successfully.
Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\kbiwkmycwrtlmj.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\kbiwkmpdljgpcy.sys" deleted successfully.

Error: could not delete file "C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys"
Deletion of file "C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys" failed!
Status: 0xc0000156

Registry key "HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra" deleted successfully.

Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet009\Services\UACd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Here is the malware log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

9/8/2009 3:59:29 PM
mbam-log-2009-09-08 (15-58-50).txt

Scan type: Quick Scan
Objects scanned: 93409
Time elapsed: 15 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreGuard2009) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desote.exe "%1" %*) Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\UACvqjkckrcao.dll (Rogue.Agent) -> No action taken.
C:\Windows\Temp\UAC7944.tmp (Rogue.Agent) -> No action taken.
C:\Users\Specter\AppData\Local\Temp\uac3eb6.tmp (Rogue.ProtectionSystem) -> No action taken.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACppypijkvdw.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACvagjoxextr.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACwmpfsmvbnv.dll (Trojan.Agent) -> No action taken.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

9/8/2009 4:01:12 PM
mbam-log-2009-09-08 (16-01-12).txt

Scan type: Quick Scan
Objects scanned: 93409
Time elapsed: 15 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreGuard2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desote.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\UACvqjkckrcao.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\UAC7944.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Users\Specter\AppData\Local\Temp\uac3eb6.tmp (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACppypijkvdw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACvagjoxextr.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACwmpfsmvbnv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
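
An added example (not part of any post in this thread): a Python sketch that reconciles the module list GMER showed under the UACd.sys service with what the Avenger and Malwarebytes logs report as removed. The log excerpts are copied from the thread; the function names are this example's own.

```python
import re

# Excerpts copied from the GMER, Avenger and Malwarebytes logs posted in this thread.
GMER_LOG = r"""
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwmpfsmvbnv.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvagjoxextr.dat
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACppypijkvdw.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsbcplgasti.dll
"""
AVENGER_LOG = r"""
File "C:\WINDOWS\system32\drivers\kbiwkmycwrtlmj.sys" deleted successfully.
Deletion of file "C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys" failed!
Status: 0xc0000156
"""
MBAM_LOG = r"""
C:\Windows\system32\UACvqjkckrcao.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACppypijkvdw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACvagjoxextr.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACwmpfsmvbnv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

def basename(path):
    """Lower-cased file name of a Windows path (the logs mix WINDOWS/Windows/system32 casing)."""
    return path.rsplit("\\", 1)[-1].lower()

def gmer_modules(log):
    """File names the rootkit service registers under its 'modules' subkey."""
    return [basename(m) for m in re.findall(r"\\modules@\S+\s+(\S+)", log)]

def avenger_files(log):
    """Map file name -> 'removed' or 'failed (<NTSTATUS>)' from an Avenger log."""
    out = {basename(p): "removed" for p in re.findall(r'^File "([^"]+)" deleted successfully', log, re.M)}
    for path, status in re.findall(r'^Deletion of file "([^"]+)" failed!\s*\nStatus: (0x[0-9a-fA-F]+)', log, re.M):
        out[basename(path)] = f"failed ({status})"
    return out

def mbam_removed(log):
    """File names Malwarebytes reports as quarantined and deleted."""
    pat = r"^([A-Za-z]:\\.+?) \([^)]+\) -> Quarantined and deleted successfully"
    return {basename(p) for p in re.findall(pat, log, re.M)}

def reconcile(gmer, avenger, mbam):
    """Status of every registered module after both cleanup passes."""
    av, mb = avenger_files(avenger), mbam_removed(mbam)
    return {name: "removed" if name in mb else av.get(name, "unaccounted") for name in gmer_modules(gmer)}

if __name__ == "__main__":
    for name, status in reconcile(GMER_LOG, AVENGER_LOG, MBAM_LOG).items():
        print(f"{name:22} {status}")
```

"unaccounted" means no log in the thread confirms removal of that module, not that the file is known to still be on disk; those entries and the failed deletion are the ones a follow-up scan should confirm.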

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Cool, the pc is running somewhat normal. I still can't open and turn on my security center. I don't have to right click on anything to get it to run, just a normal click works. I'll check the rest that I was having problems with and see what happens.
Thank you, we are on the right track.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[Image: CF_download_FF]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

I don't know what happened, but combofix is on my desktop and I was not given the option to rename it. Also, it says that I have spybot and adware running. Yes, I have spybot and no clue how to shut it off short of uninstalling it, and I uninstalled adaware when I first started having problems with my pc.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Hello.
See if you can run it without renaming it.

............................................................................................

Site Admin / Security Administrator


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

My McAfee is saying that combofix is an Artemis Trojan and won't let me download it. I have managed to get my malwarebytes and mcafee to run, I still can't turn on my windows defender though.

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Uninstall McAfee, it interferes way too much.

............................................................................................

Site Admin / Security Administrator


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Due to lack of response, this topic is now closed.

If you need the topic reopened, PM an administrator or moderator.
