AV Security Suite Trojan

My laptop is infected with this AV Security Suite which Ive found out is a fake antivrus trojan. It has stopped me from opening nearly all of my programmes including the anti malware ones so Im stuck with this. Secondly when I try and boot safe mode it simply goes back to normal mode and asks me to log in.
I would really appreciate any help with this.
Joel

To 'kill' the rogue/fake processes from running:

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4

• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
• Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• If nothing happens or if the tool does not run, please let me know in your next reply

Next,
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

When I try and run any of these programmes the virus closes them and displays this message 'Application cannot be executed. The file combofix.exe is infected. Do you want to activate the antivirus software now?'
For any programme it just replaces the name of the one im trying to run.

Do this .. delete Combofix then,

Download Combofix from any of the links below but rename it to JHarrison.exe before saving it to your desktop.

Link 1
Link 2
Link 3


==================================


Double click on the renamed ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt so we can continue cleaning the system.

I right clicked the download file link saved it as JHarrison.exe on my desktop and then downloaded it and its still not letting me open it. Ive been told that I may need to a run an anti virus programme using linux instead. It seems Ive exhausted all my other options.

Let's try another tool ... download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix. (right click and run as Administrator)
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Please be sure you are offline, disconnect your modem, then run JHarrison.exe

Ok when I run the exehelper it pops up with a black window which gets immediately closed down. Then the created .txt file shows this:
exeHelper by Raktor
Build 20100414
Then gets closed down by the virus too. The JHarrison.exe still does not work when disconnected from the internet.

Arrrgh! Okay, download http://oldtimer.geekstogo.com/OTL.exe to your desktop.

Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the Run Scan button.

Two reports will open, copy and paste them in your next reply.
OTL.txt <-- Will be opened
Extra.txt<--Will be minimized in the task tray

It's not letting me open this either. Any .exe is being blocked by the virus when both offline and online.

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- this will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your new topic.

Joel, this is NOT an .exe file ... it's a .scr file that should run.

Hello Jacee,

Do you mind if we try OTH to see if this strain of this security suite knows about OTH, just to see how effective it still is, and to build up a better picture of what kills it?

Thanks!

Hello Joel,

I have included the canned speech below, but can you please not run it without Jacee's go ahead, as she is the one with the expertise, and is the one helping you.

Thanks!

Hi lets try this first, if it fails go to Plan B

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Then select Start OTL. OTL will now run

• Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
  Select Scan.txt that you downloaded
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Click the Internet Explorer button, post these logs in your Virus Removal topic.

Plan B

Download Rkill from here : there are several flavours to choose from, if one does not work then try the next

* rkill.com http://download.blee...inler/rkill.com
* rkill.scr http://download.blee...inler/rkill.scr
* rkill.pif http://download.blee...inler/rkill.pif

Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above

Click to expand...

EDIT: Oops, rkill came for a ride!

Please take a look at this guide for removing Av SecuritySuite
How to remove AV Security Suite (Uninstall Guide)

Ok new development. AVG managed to quarantine the part of the virus that was stopping me from opening anything. So I ran combofix after this and this is the log it produced:

ComboFix 10-08-20.01 - Joel 22/08/2010 11:49:10.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2814.2044 [GMT 1:00]
Running from: c:\users\Joel\Desktop\JHarrison.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Joel\AppData\Roaming\.#
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 11:03 . 2010-08-22 11:04 -------- d-----w- c:\users\Joel\AppData\Local\temp
2010-08-22 11:03 . 2010-08-22 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-20 17:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 17:35 . 2010-08-20 17:35 -------- d-----w- c:\programdata\Malwarebytes
2010-08-20 17:35 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 17:35 . 2010-08-20 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 15:59 . 2010-08-22 10:38 -------- d-----w- c:\users\Joel\AppData\Local\ppdqkjxaw
2010-08-12 12:18 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-10 10:05 . 2010-08-10 10:05 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-10 10:05 . 2010-08-10 10:05 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-10 10:03 . 2010-08-10 10:03 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-10 10:03 . 2010-08-10 10:03 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 10:41 . 2010-03-15 12:54 -------- d-----w- c:\users\Joel\AppData\Roaming\Skype
2010-08-22 10:39 . 2009-07-21 18:10 -------- d-----w- c:\users\Joel\AppData\Roaming\Spotify
2010-08-22 02:03 . 2010-01-09 00:29 0 ----a-w- c:\users\Joel\AppData\Local\prvlcl.dat
2010-08-20 15:07 . 2010-03-15 12:57 -------- d-----w- c:\users\Joel\AppData\Roaming\skypePM
2010-08-13 02:06 . 2009-03-16 00:21 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 02:03 . 2009-03-16 00:19 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 02:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 10:10 . 2010-06-03 16:48 -------- d-----w- c:\programdata\DivX
2010-08-10 10:10 . 2010-07-07 16:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-10 10:05 . 2009-11-26 16:32 -------- d-----w- c:\program files\DivX
2010-08-10 10:02 . 2010-07-07 13:59 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-10 10:02 . 2010-07-07 13:59 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-31 16:14 . 2009-10-25 09:50 -------- d-----w- c:\program files\YouTube Downloader
2010-07-17 11:32 . 2009-12-28 22:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 11:31 . 2010-07-17 11:31 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 11:31 . 2009-12-28 22:38 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-17 11:29 . 2009-12-28 22:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 15:30 . 2010-07-14 15:30 -------- d-----w- c:\program files\AC3Filter
2010-07-07 23:10 . 2009-11-27 22:23 -------- d-----w- c:\users\Joel\AppData\Roaming\DivX
2010-07-07 13:59 . 2010-03-15 10:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-07 13:59 . 2010-07-07 13:59 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-07 13:59 . 2010-07-07 13:59 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-07 13:58 . 2010-07-07 13:58 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-07 13:57 . 2010-07-07 13:57 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-07 13:57 . 2010-07-07 13:57 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-07 13:57 . 2010-07-07 13:57 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-07 13:57 . 2010-07-07 13:57 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-07 13:57 . 2010-07-07 13:57 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-06-28 16:17 . 2010-08-12 12:17 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 12:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-21 13:18 . 2010-08-12 12:17 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-12 12:17 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-12 12:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-12 12:17 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-17 23:44 . 2009-08-01 16:08 680 ----a-w- c:\users\Joel\AppData\Local\d3d9caps.dat
2010-06-16 15:59 . 2010-08-12 12:17 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 15:31 . 2010-08-12 12:17 274432 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 15:30 . 2010-08-12 12:17 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:00 . 2010-08-12 12:17 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 17:00 . 2010-08-12 12:17 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 10:47 . 2009-12-28 22:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 16:16 . 2010-06-12 22:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-12 22:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-07-27 22:23 . 2010-02-12 17:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-10-28 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-09 249600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-02-06 686624]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-27 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-18 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-2 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-27 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-28 721904]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-17 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-12 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-02-06 653856]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-03-09 44800]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-17 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-17 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-17 27216]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0309&m=aspire_5536
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\ybl0lag9.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Joel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
HKCU-Run-ajjbyoao - c:\users\Joel\AppData\Local\ppdqkjxaw\wxnytnxshdw.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-22 12:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Joel\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-22 12:08:26
ComboFix-quarantined-files.txt 2010-08-22 11:08

Pre-Run: 65,438,601,216 bytes free
Post-Run: 66,981,879,808 bytes free

- - End Of File - - 76351044D12D659FD2506E022AF0F852

I can now open all my programmes, Adobe flash player is back up and running, and there are no signs of the virus on my desktop or icon bar in the bottom right.

Progress! :D

Please download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.46 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

Ok the malwarebytes scan found 2 things and theyve both been removed and this is the log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4462

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22/08/2010 22:54:18
mbam-log-2010-08-22 (22-54-18).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 286721
Time elapsed: 2 hour(s), 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Joel\Downloads\vuzesetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

You had a 'backdoor Trojan' ... what you need to do is, change all of your passwords using a known 'clean computer, not the one that was infected. If you have used any 'critical information, such as credit cards or online banking, your Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security - dslreports.com
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security - dslreports.com
If you choose to format and reinstall see this link for instructions:
Windows: reformat and reinstall - Cyberwalker.com

Please do this ... we're going to flush your DNS cache and restore MS's Hosts file

Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click to run as Administrator.. your computer will reboot itself.

Now download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

A reboot is required to finish cleaning the temps.

Please run an online Virus scan with DrWeb CureIt! Dr.Web CureIt! &mdash; download free anti-virus! Cure viruses, Best free anti-virus scanner!
Save the log, then copy and paste it back here.

Will I lose any files by doing this?

By doing what? You will lose all files by wiping and clean installing Windows. (have you backed up your important files?)
Following my other instructions, you won't lose anything ...