They say I need to delete it or they will cut off my connection but I don't know how. I'm currently using the AVG 9.0 free version and it won't shift it.

I was using Avast free version up to 2 weeks ago and it started warning me I had a rootkit.. which it couldn't delete, eventually Avast started shutting my laptop down all the time so I had to move to AVG, I don't think the rootkit was ever deleted.

The location of the Rootkit is C:\Windows\System32\drivers\womfscj.sys

Malware Bytes won't delete it either, thanks.

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post it's contents as you would any other log.

================================================== ==============

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Thanks Broni, DDS Logs..



DDS (Ver_10-03-17.01) - NTFSx86
Run by M at 13:41:50.68 on 02/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3068.1730 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Windows\ehome\ehsched.exe
C:\Users\MARKMC~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Users\Mark McL\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=0&o=vu32&d=0908&m=aspire_ 8930
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=0&o=vu32&d=0908&m=aspire_ 8930
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\s wg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pinnacle Game Profiler] "c:\program files\kalinkosoft\pinnacle game profiler\pinnacle.exe" -atboottime
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\markmc~1\appdata\roaming\micros~1\windows \startm~1\programs\startup\click-~1.lnk - c:\program files\click-n-type\Click-N-Type.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\sta rtup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-1 243024]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/05/02 0310];c:\program files\acer arcade deluxe\playmovie\000.fcl [2010-5-2 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/07 18:03:03];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-1 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-1 308136]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-28 75048]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-28 122368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [2008-9-28 280192]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-9-28 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-17 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101 x.sys [2008-5-26 40752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-17 85136]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-7-8 33792]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-7-8 10368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30 319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-7-22 27904]

=============== Created Last 30 ================

2010-07-02 02:15:54 0 d-----w- C:\SDFix
2010-07-01 21:55:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-01 21:55:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-01 21:55:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-01 21:55:26 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-01 21:17:41 0 d-----w- c:\windows\Internet Logs
2010-07-01 20:43:02 321838037 ----a-w- c:\windows\MEMORY.DMP
2010-07-01 20:41:43 0 d-----w- c:\users\markmc~1\appdata\roaming\CheckPoint
2010-07-01 20:26:37 144 ----a-w- c:\windows\system32\lkfl.dat
2010-07-01 20:24:27 0 d-----w- c:\programdata\CheckPoint
2010-07-01 20:23:16 363520 ----a-w- c:\program files\rkill.com
2010-06-24 07:00:27 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:00:27 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 07:00:27 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 07:00:27 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 07:00:27 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 07:45:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 07:45:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-19 11:05:25 0 d-----w- c:\program files\AVG
2010-06-19 11:05:14 0 d-----w- c:\programdata\avg9
2010-06-19 11:00:46 2131808 ----a-w- c:\program files\avg_free_stb_all_9_114_cnet.exe
2010-06-18 20:36:44 0 d-----w- c:\programdata\Alwil Software
2010-06-10 16:59:38 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 03:17:13 5588664 ----a-w- c:\program files\PoolSharksInstaller.exe

==================== Find3M ====================

2010-07-02 12:41:53 823808 ----a-w- c:\windows\system32\drivers\womfscj.sys
2010-07-02 12:33:53 89812 ----a-w- c:\programdata\nvModes.dat
2010-07-02 12:31:56 119296 ----a-w- c:\windows\system32\zlib.dll
2010-07-01 21:13:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-01 21:13:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-01 21:13:57 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 17:51:52 756 ----a-w- c:\program files\UnHackMe.lnk
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 17:32:33 1339288 ----a-w- c:\program files\sar_15_sfx.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-27 20:35:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 03:34:52 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-05 17:01:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2009-11-15 18:44:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-13 02:38:39 1096 ----a-w- c:\program files\Daniusoft MP3 WAV Converter.lnk
2009-08-05 2320 3278552 ----a-w- c:\program files\ccsetup222.exe
2009-07-27 17:01:35 974 ----a-w- c:\program files\RecordPad Sound Recorder.lnk
2009-07-27 17:01:31 942 ----a-w- c:\program files\WavePad Sound Editor.lnk
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-16 00:13:22 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\ local\temp\cookies\index.dat
2009-09-16 00:13:22 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\ local\temp\history\history.ie5\index.dat
2009-09-16 00:13:22 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\ local\temp\temporary internet files\content.ie5\index.dat
2009-10-14 21:39:46 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\ roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 13:42:27.34 ===============



DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 28/09/2008 19:07:00
System Uptime: 07/02/2010 13:35:54 (3480 hours ago)

Motherboard: Acer | | Aspire 8930
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | CPU | 2534/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 106.467 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 297.982 GiB free.
E: is FIXED (NTFS) - 139 GiB total, 139.399 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP97: 01/07/2010 21:33:07 - Removed AVG Free 9.0
RP98: 01/07/2010 21:33:58 - Installed AVG Free 9.0
RP99: 01/07/2010 22:53:14 - Installed AVG Free 9.0
RP101: 02/07/2010 00:02:23 - Configured Pinnacle Game Profiler

==== Installed Programs ======================

Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer Crystal Eye Webcam 3.0.6.3
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer VCM
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Alice Greenfingers
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43
AVerMedia A310 (MiniCard, DVB-T) 1.1.0.29
AVG Free 9.0
Backspin Billiards
Big Kahuna Reef
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCleaner
Chuzzle
Click-N-Type
CyberLink PowerDirector
CyberLink PowerDVD 9
DAL Scanner
Daniusoft MP3 WAV Converter(Build 2.0.25)
Diner Dash Flo on the Go
eSobi v2
Flip Words 2
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
ITECIR
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller
Launch Manager
LightScribe 1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
Microsoft XNA Framework Redistributable 3.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Orion
PhotoNow!
Pinnacle Game Profiler
PIXresizer 2.0.4
Pool Sharks 2.1
RealPlayer
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Sophos Anti-Rootkit 1.5.0
Spelling Dictionaries Support For Adobe Reader 9
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
Turbo Pizza
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors software
Veetle TV 0.9.15
VLC media player 1.0.2
WavePad Sound Editor
WIDCOMM Bluetooth Software 6.0.1.5000
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Movie Maker 2.6
Windows Sound Schemes
Xbox 360 Controller UI
Zattoo 3.3.4 Beta

==== Event Viewer Messages From Past Week ========

02/07/2010 13:36:42, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
02/07/2010 13:36:37, Error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the path specified.
02/07/2010 13:32:01, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00215D3F6DDC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/07/2010 22:47:24, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00215D3F6DDC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/07/2010 22:47:11, Error: EventLog [6008] - The previous system shutdown at 22:44:18 on 01/07/2010 was unexpected.
01/07/2010 2239, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
01/07/2010 22:20:31, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
01/07/2010 22:10:32, Error: EventLog [6008] - The previous system shutdown at 22:08:49 on 01/07/2010 was unexpected.
01/07/2010 21:57:56, Error: EventLog [6008] - The previous system shutdown at 2118 on 01/07/2010 was unexpected.
01/07/2010 21:46:56, Error: EventLog [6008] - The previous system shutdown at 21:45:16 on 01/07/2010 was unexpected.
01/07/2010 21:43:16, Error: EventLog [6008] - The previous system shutdown at 21:41:03 on 01/07/2010 was unexpected.
01/07/2010 21:26:37, Error: Service Control Manager [7030] - The ZoneAlarm ForceField IswSvc service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
01/07/2010 21:25:46, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
01/07/2010 17:42:11, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00A0D1ABD9B1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/07/2010 16:34:43, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.91.110.154 for the Network Card with network address 00215D3F6DDC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/07/2010 16:33:56, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00A0D1ABD9B1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/07/2010 1619, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00215D3F6DDC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
01/07/2010 14:46:12, Error: EventLog [6008] - The previous system shutdown at 14:39:31 on 01/07/2010 was unexpected.
01/07/2010 14:03:31, Error: EventLog [6008] - The previous system shutdown at 14:02:00 on 01/07/2010 was unexpected.

==== End Of File ===========================

Broni, when I tried to run Combo fix, I kept getting a window saying "The ComboFix.exe has stopped working" windows will check for a solution. It won't run.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.

* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.[/LIST]

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try to run Combofix again.

Thanks, done all the above and ComboFix still won't run, would SD Fix do instead?

Exehelperlog is attatched.

Please, always paste all logs...

exeHelper by Raktor
Build 20100414
Run at 14:00:39 on 07/03/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

================================================== ==========

Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called TDSSKiller.txt please copy and paste the contents of that file here.

Thanks done it, it said..

Hidden service detected!
Service name: womfscj
Image path:
Type "delete" (without quotes) to delete it:



*NB So I pressed enter like you said but it didn't produce a log, it did nothing.

Can an admin that's on help me with this tonight? thanks.

Can an admin that's on help me with this tonight?

??

Delete your TDSSKiller file, download fresh one and try to run it again.