When I started the machine, and when I restarted after ComboFix, I got this RunDLL error box each time: "error loading c:\windows\system32\iyuv_32L.dll. Access is denied." I looked it up in msconfig.exe - Startup, and the startup item for that file is MVHNNYWSMU, and the manufacturer is unknown.
I will have my husband test during the next two days and will let you know if the problem is fixed.
Here's the new ComboFix log:
ComboFix 10-12-03.01 - leigh 12/04/2010 0:47.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1977.954 [GMT -5:00]
Running from: c:\users\leigh\Desktop\ComboFix.exe
Command switches used :: c:\users\leigh\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.
2010-12-04 05:54 . 2010-12-04 05:55 -------- d-----w- c:\users\leigh\AppData\Local\temp
2010-12-04 05:54 . 2010-12-04 05:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-04 05:54 . 2010-12-04 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 14:21 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47E9F56C-3463-4F3A-9C89-030DF828FE0A}\mpengine.dll
2010-12-01 20:12 . 2010-12-01 20:12 -------- d-----w- c:\windows\system32\RKUnhook120110
2010-11-25 03:32 . 2010-11-25 03:32 -------- d-----w- c:\program files\Interapple
2010-11-24 22:56 . 2010-11-24 22:56 -------- d-----w- c:\program files\Trend Micro
2010-11-20 19:04 . 2010-11-20 19:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-20 05:49 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-11-19 13:36 . 2010-11-19 13:36 -------- d-----w- c:\users\leigh\AppData\Roaming\Avira
2010-11-18 21:59 . 2010-11-22 14:03 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 21:59 . 2010-11-18 21:27 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-18 21:59 . 2010-11-18 21:59 -------- d-----w- c:\program files\Avira
2010-11-10 13:13 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 14:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-10 16:37 . 2010-10-13 12:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-13 12:33 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-13 12:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-13 12:33 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-13 12:33 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-13 12:34 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-13 12:34 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-13 12:34 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-13 12:34 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-13 12:34 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 20:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MVHNNYWSMU"="c:\windows\system32\iyuv_32L.dll" [2010-10-13 64000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-22 159744]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-18 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^leigh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^leigh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 23:54 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 04:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 23:54 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-16 09:18 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-07-19 00:04 167936 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-06-20 00:52 6244896 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-26 17:06 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2835799940-606296060-655187663-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-16 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-19 61424]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-18 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-18 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-18 403624]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-31 93968]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-01 388096]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\leigh\AppData\Roaming\Mozilla\Firefox\Profiles\g190dpmk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\leigh\AppData\Roaming\Mozilla\Firefox\Profiles\g190dpmk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: NewTabURL: newtaburl@sogame.cat - c:\users\leigh\AppData\Roaming\Mozilla\Firefox\Profiles\g190dpmk.default\extensions\newtaburl@sogame.cat
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-12-04 00:55
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3848)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2010-12-04 00:58:40
ComboFix-quarantined-files.txt 2010-12-04 05:58
ComboFix2.txt 2010-12-02 03:48
ComboFix3.txt 2010-12-01 05:06
ComboFix4.txt 2010-10-23 03:21
ComboFix5.txt 2010-12-04 05:44
Pre-Run: 63,500,242,944 bytes free
Post-Run: 63,534,194,688 bytes free
- - End Of File - - C5BC1ED433B33AF3117707BD32651A7D