
Solved trojan-proxy.fackemo.v

Discussion in 'Malware and Virus Removal Archive' started by rickybur, 2009/08/29.

  1. 2009/08/29
    rickybur (Inactive, Thread Starter)
    Joined: 2009/08/29 | Messages: 14 | Likes Received: 0
    [Resolved] trojan-proxy.fackemo.v

    Can anyone help me get rid of this virus? My anti-virus detects it when I load IE (but the anti-virus doesn't detect it when I load FF) and deletes it, but later on my computer freezes again. Then when I turn off and restart the computer and load IE, the same thing happens: it's detected and deleted, but each time it comes back it has a different file name, like this: C:\Windows\Temp\TMP00000058340E0F82FA622C3F (this was the last to be deleted). I have done a spyware scan and that got a different trojan, which was deleted. Please help!
     
  2. 2009/08/29
    Admin. (Administrator, Staff)
    Joined: 2001/12/30 | Messages: 6,687 | Likes Received: 107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/08/31
    rickybur (Inactive, Thread Starter)
    Joined: 2009/08/29 | Messages: 14 | Likes Received: 0
    I have downloaded both DDS files, and all I get when I open them is a command window. Am I doing something wrong?
     
  5. 2009/08/31
    broni (Moderator, Malware Analyst)
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    Just be patient. You'll see some text and a blinking cursor in that CMD window for a few minutes. Then Notepad will pop up.
     
  6. 2009/09/01
    rickybur (Inactive, Thread Starter)
    Joined: 2009/08/29 | Messages: 14 | Likes Received: 0
    trojan-proxy.win32.fackemo.v

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by ricky at 20:36:39.30 on 01/09/2009
    Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2301.864 [GMT 1:00]

    AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: PCguard Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
    FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Virgin Broadband\PCguard\rps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Launch Manager\LManager.exe
    D:\DiscWizardMonitor.exe
    D:\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Users\ricky\Gmail Notifier\gnotify.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Virgin Broadband\PCguard\Kav\Bin\ScanningProcess.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
    C:\Program Files\SpyZooka\spyzooka.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\ricky\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.virginmedia.com/
    uSEARCH PAGE = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://en.uk.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [DiscWizardMonitor.exe] D:\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] D:\TimounterMonitor.exe
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\users\ricky\gmail notifier\gnotify.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: eNetHook.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\ricky\appdata\roaming\mozilla\firefox\profiles\qmh8qvj3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
    FF - component: c:\users\ricky\appdata\roaming\mozilla\firefox\profiles\qmh8qvj3.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
    FF - component: c:\users\ricky\appdata\roaming\mozilla\firefox\profiles\qmh8qvj3.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
    FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\ricky\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\users\ricky\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [2007-12-1 264320]

    =============== Created Last 30 ================

    2009-08-31 19:44 <DIR> --d----- c:\users\ricky\Gmail Notifier
    2009-08-28 14:29 299,346,241 a------- c:\windows\MEMORY.DMP
    2009-08-28 12:54 20 a------- c:\windows\system32\SYSTEM
    2009-08-28 11:56 499,712 a------- c:\windows\system32\kerberos.dll
    2009-08-28 11:56 1,256,448 a------- c:\windows\system32\lsasrv.dll
    2009-08-28 11:56 213,504 a------- c:\windows\system32\msv1_0.dll
    2009-08-28 11:56 175,104 a------- c:\windows\system32\wdigest.dll
    2009-08-28 11:56 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
    2009-08-28 11:56 270,848 a------- c:\windows\system32\schannel.dll
    2009-08-28 11:56 72,704 a------- c:\windows\system32\secur32.dll
    2009-08-28 11:56 9,728 a------- c:\windows\system32\lsass.exe
    2009-08-28 11:23 131,144 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-08-28 11:23 9,872,160 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-08-28 11:19 36 a------- c:\windows\system32\????????????????????????????????????g
    2009-08-28 11:15 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
    2009-08-28 11:14 <DIR> --d----- c:\programdata\Raxco
    2009-08-28 11:14 <DIR> --d----- c:\program files\Raxco
    2009-08-28 10:09 2,048 a------- c:\windows\system32\tzres.dll
    2009-08-22 16:03 54,156 a---h--- c:\windows\QTFont.qfn
    2009-08-22 16:03 1,409 a------- c:\windows\QTFont.for
    2009-08-13 11:18 71,680 a------- c:\windows\system32\atl.dll
    2009-08-13 11:18 160,256 a------- c:\windows\system32\wkssvc.dll
    2009-08-13 11:18 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-08-13 11:18 91,136 a------- c:\windows\system32\avifil32.dll
    2009-08-13 11:18 313,344 a------- c:\windows\system32\wmpdxm.dll
    2009-08-13 11:18 7,680 a------- c:\windows\system32\spwmp.dll
    2009-08-13 11:18 4,096 a------- c:\windows\system32\msdxm.ocx
    2009-08-13 11:18 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-08-13 11:18 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-08-13 11:18 43,520 a------- c:\windows\system32\msdxm.tlb
    2009-08-13 11:18 18,432 a------- c:\windows\system32\amcompat.tlb

    ==================== Find3M ====================

    2009-08-28 11:17 143,360 a------- c:\windows\inf\infstrng.dat
    2009-08-28 11:17 143,360 a------- c:\windows\inf\infstor.dat
    2009-08-28 11:17 86,016 a------- c:\windows\inf\infpub.dat
    2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
    2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
    2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
    2009-06-17 10:30 306,432 a------- c:\windows\system32\TuneUpDefragService.exe
    2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
    2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
    2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
    2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
    2009-01-21 11:41 87,608 a------- c:\users\ricky\appdata\roaming\inst.exe
    2009-01-21 11:41 47,360 a------- c:\users\ricky\appdata\roaming\pcouffin.sys
    2008-06-14 00:43 174 a--sh--- c:\program files\desktop.ini
    2008-06-14 00:26 665,600 a------- c:\windows\inf\drvindex.dat
    2008-01-03 01:53 142 a------- c:\users\ricky\BackupResult.DAT
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2007-12-04 20:25 16,384 a--sh--- c:\windows\temp\cookies\index.dat
    2007-12-04 20:25 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
    2007-12-04 20:25 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 20:39:25.98 ===============
     
  7. 2009/09/01
    broni (Moderator, Malware Analyst)
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    You provided only one part of the DDS log. Please post the 2nd part.

    You also need to explain your security programs situation.
    I can see Norton running, which includes AV and a firewall, but I also see PCguard Firewall (provided by VirginMedia, I believe).
    It's not a good idea to run two firewalls at the same time.
     
  8. 2009/09/02
    rickybur (Inactive, Thread Starter)
    Joined: 2009/08/29 | Messages: 14 | Likes Received: 0
    trojan-proxy.win32.fackemo.v

    I noticed that about Norton and PC Guard. Well, when I bought this laptop it had a free trial of Norton installed on it, but when the free trial was up I deleted it and installed PC Guard as it is from my ISP, so I don't know how it is running, as Norton isn't in my programmes. Here's that other log, sorry about this.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 13/06/2007 11:05:19
    System Uptime: 09/01/2009 16:44:00 (5644 hours ago)

    Motherboard: Acer | | TravelMate 5520
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | Socket M2/S1G1 | 1700/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 55 GiB total, 0.368 GiB free.
    D: is FIXED (NTFS) - 47 GiB total, 32.125 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: isatap.{D8EFF10D-22E9-41CD-9277-DC84295BBBEA}
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: isatap.{D8EFF10D-22E9-41CD-9277-DC84295BBBEA}
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: isatap.{1C08460A-E2CC-44FE-93CA-663451C4B4E3}
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: isatap.{1C08460A-E2CC-44FE-93CA-663451C4B4E3}
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0004
    Manufacturer: Microsoft
    Name: isatap.{D8EFF10D-22E9-41CD-9277-DC84295BBBEA}
    PNP Device ID: ROOT\*ISATAP\0004
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0008
    Manufacturer: Microsoft
    Name: isatap.{D8EFF10D-22E9-41CD-9277-DC84295BBBEA}
    PNP Device ID: ROOT\*ISATAP\0008
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0013
    Manufacturer: Microsoft
    Name: isatap.{1A245D8A-DACB-4147-A439-BED6A254308B}
    PNP Device ID: ROOT\*ISATAP\0013
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0014
    Manufacturer: Microsoft
    Name: isatap.{1A245D8A-DACB-4147-A439-BED6A254308B}
    PNP Device ID: ROOT\*ISATAP\0014
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0015
    Manufacturer: Microsoft
    Name: isatap.{1C08460A-E2CC-44FE-93CA-663451C4B4E3}
    PNP Device ID: ROOT\*ISATAP\0015
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0016
    Manufacturer: Microsoft
    Name: isatap.{1A245D8A-DACB-4147-A439-BED6A254308B}
    PNP Device ID: ROOT\*ISATAP\0016
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0022
    Manufacturer: Microsoft
    Name: isatap.{ADB8C7E6-682D-4877-8DC9-41B5BB2102E4}
    PNP Device ID: ROOT\*ISATAP\0022
    Service: tunnel

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    3 USB Modem
    4oD
    Acer Crystal Eye webcam
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Elements 4.0
    Adobe Premiere Elements 4.0 Templates
    Adobe Reader 9
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe® Photoshop® Album Starter Edition 3.2
    ag_jack-o-lanterns Screen Saver
    Apple Software Update
    Ashampoo Magical Defrag
    ATI Catalyst Install Manager
    ATI Uninstaller
    Avanquest SendPhotos
    Avanquest update
    Bingo Cafe UK
    Bluesoleil3.2.2.8 Release 070421
    Business Contact Manager for Outlook 2007 SP1
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-Branding
    ccc-core-static
    ccc-utility
    CCC Help English
    Choice Guard
    ConvertXtoDVD 2.2.3.258
    Drive Manager
    DriverMax 4
    DVD Flick 1.3.0.6
    Eraser
    getPlus(R) for Adobe
    Google Gmail Notifier
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 13
    Junk Mail filter update
    Launch Manager
    LightScribe 1.4.142.1
    Live Mesh
    Live Mesh Remote Desktop Service
    magicalhalloween_3102797 Screen Saver
    Map Button (Windows Live Toolbar)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Accounting 2009
    Microsoft Office Accounting 2009 PayPal Addin
    Microsoft Office Small Business Connectivity Components
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.5.2)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NTI Shadow
    O&O DiskImage
    O2Micro Flash Memory Card Reader Driver Installer(x86)
    OpenOffice.org 2.4
    Paragon Hard Disk Manager 9.5 Special Edition
    PDF Settings
    PerfectDisk 2008
    Performance Center
    PowerDVD
    PowerISO
    QuickTime
    Realtek High Definition Audio Driver
    RPS Burn
    RPS CRT
    RPS Diagnostic Utility
    RPS Firewall
    RPS Ksdk
    RPS ParentalControl
    RPS PerfectDiskStub
    RPS PopupBlocker
    RPS RpsCore
    RPS SafeConnect
    scaryblackcat_3102800 Screen Saver
    Screenshot Captor 2.53.01
    Seagate*DiscWizard
    Security Update for CAPICOM (KB931906)
    Skins
    Skype™ 3.8
    Smart Menus (Windows Live Toolbar)
    Sony Ericsson PC Suite 3.108.00
    Spotify
    SpyZooka
    Synaptics Pointing Device Driver
    TripAdvisor Screensaver
    TuneUp Utilities 2008
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    V Stuff Backup v1.0.0.12705
    Virgin Broadband advisor 1.5.24
    Virgin Broadband PCguard
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker Beta
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    World of Warcraft FREE Trial
    Yahoo! Toolbar
    Zattoo 3.3.4 Beta

    ==== End Of File ===========================
     
  9. 2009/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is nothing to be sorry about. Norton often leaves some leftovers and I had to ask.
    In that case, what are you using as your antivirus program? Does your ISP freebie provide one?
    I'm not really a big fan of those ISP giveaways, because they're usually pretty poor tools.
    If you want to switch to something better (also free), let me know, and I'll give you some suggestions.

    Download and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
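Broni's post asks for C:\ComboFix.txt "for further review". As an added example (not part of broni's instructions, and not code from ComboFix's authors), the Python below does the first pass a reviewer makes over the log's "Reg Loading Points" section: it parses the REGEDIT4-style lines, pulls the file path out of each autostart value and flags the ones worth a closer look. The sample log is constructed to match the layout that appears later in this thread, using a few entries from it plus a placeholder `EXAMPLE_temp_autorun` value that stands in for the kind of temp-folder autostart a dropper leaves behind; it is not an indicator from this machine. Flags are review prompts, not verdicts: Google's Gmail Notifier legitimately runs from the user profile, yet it still gets flagged, which is the point of a second look.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Constructed example: not part of ComboFix and not code posted in the thread.
It reads the REGEDIT4-style dump the tool prints, extracts every autostart
value, and flags the entries a reviewer would look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Key headers look like [HKEY_LOCAL_MACHINE\...] or [HKLM\~\...].
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
# Value lines look like "name"="value" [date size], "name"=value args, or @="value".
VALUE_RE = re.compile(r'^(?P<name>"[^"]*"|@)=(?P<value>.*)$')
# First drive-letter path in a value, up to a loader-relevant extension.
PATH_RE = re.compile(r'(?i)[a-z]:\\.*?\.(?:exe|dll|sys|scr|com|bat|cmd|vbs|js)\b')

# Directories a standard user can write to. An autostart pointing here proves
# nothing by itself, but it is where the dropped files in this thread lived
# (c:\users\...\AppData\Roaming\inst.exe, c:\windows\Temp\...).
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\',
                 '\\documents and settings\\', '\\$recycle.bin\\')
# Loading points that legitimate desktop software rarely touches.
SENSITIVE_VALUES = {'appinit_dlls', 'userinit', 'shell', 'load'}

# Constructed sample in ComboFix's layout. EXAMPLE_temp_autorun is a placeholder.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\users\ricky\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"EXAMPLE_temp_autorun"="c:\windows\Temp\EXAMPLE_payload.exe" [2009-08-28 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Skytel"=Skytel.exe
"""


@dataclass
class Entry:
    key: str
    name: str
    value: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def extract_path(value: str) -> Optional[str]:
    """Return the first drive-letter file path in a value, or None."""
    m = PATH_RE.search(value)
    return m.group(0) if m else None


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the dump line by line, attaching each value to the key above it."""
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group('key')
            continue
        val = VALUE_RE.match(line)
        if val and current_key:
            name = val.group('name').strip('"')
            value = val.group('value').strip()
            entries.append(Entry(current_key, name, value, extract_path(value)))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons and return only the entries that got one."""
    flagged: List[Entry] = []
    for e in entries:
        low_key = e.key.lower()
        low_path = (e.path or '').lower()
        if e.name.lower() in SENSITIVE_VALUES:
            e.reasons.append('sensitive loading point: ' + e.name)
        if any(marker in low_path for marker in USER_WRITABLE):
            e.reasons.append('runs from a user-writable location')
        # ComboFix lists msconfig-disabled entries under a key ending in "run-";
        # only live Run keys are checked for values that rely on the search path.
        if low_key.endswith('\\run') and e.path is None and e.value:
            e.reasons.append('no absolute path; resolved via the search path')
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == '__main__':
    for e in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'[{e.key}]\n  "{e.name}" -> {e.path or e.value}\n  ' + '; '.join(e.reasons))
```

Point `parse_loading_points` at the text of a real ComboFix.txt (the section between the "Reg Loading Points" banner and the services list) and compare the flagged entries against what the software list says is installed; an autostart in Temp or AppData with no matching product is the first thing to look up.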
     
  10. 2009/09/02
    rickybur

    rickybur Inactive Thread Starter

    Joined:
    2009/08/29
    Messages:
    14
    Likes Received:
    0
    trojan-proxy.win32.fackemo.v

    Thanks for getting back, broni. I am using PC Guard antivirus; it also has firewall, antispyware, identity theft, privacy manager, pop-up blocker and parental control, and it has phone support, local, as well, but still send me the ones you think may be better, as this all seemed to happen when I upgraded PC Guard to the newer version. I spoke to Virgin Media support and told them what was happening since I upgraded that day, 28th/08/09; they were to get back to me but haven't as yet. broni, just while I'm on: today, after looking through your site, I read something similar to mine where you said about ComboFix, so I tried it earlier to have a look at it and am sending that log; if you prefer a fresh one I will do that. It said it would perform a restore point and that needs space. I looked at the C:\ disk, which had only 42MB left on it; it had over 10GB on the 28th, so I made a bit of space, to 450MB, and having looked again it's gone up to over 5GB. Any idea what's going on? Here are those logs.

    ComboFix 09-09-01.04 - ricky 02/09/2009 13:13.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2301.999 [GMT 1:00]
    Running from: c:\users\ricky\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: PCguard Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1972994496-191894681-3689757596-500
    c:\users\ricky\AppData\Roaming\inst.exe
    c:\windows\Temp\log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
    .

    2009-09-02 12:34 . 2009-09-02 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-31 18:44 . 2009-08-31 18:44 -------- d-----w- c:\users\ricky\Gmail Notifier
    2009-08-28 10:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-28 10:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-28 10:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-28 10:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-28 10:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-28 10:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-28 10:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-28 10:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-28 10:23 . 2009-09-02 12:34 10062112 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-28 10:15 . 2008-08-28 12:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
    2009-08-28 10:14 . 2009-08-28 10:14 -------- d-----w- c:\programdata\Raxco
    2009-08-28 10:14 . 2009-08-28 10:14 -------- d-----w- c:\program files\Raxco
    2009-08-28 10:06 . 2009-08-28 10:08 81348096 ----a-w- c:\users\ricky\AppData\Roaming\Virgin Broadband\advisor\downloads\PCguard_8.41.exe.dir\PCguard_8.exe
    2009-08-28 09:10 . 2009-08-28 09:10 1519968 ----a-w- c:\users\ricky\AppData\Roaming\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
    2009-08-28 09:09 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-13 10:18 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-13 10:18 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-08-13 10:18 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-08-13 10:18 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-08-13 10:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-13 10:18 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-13 10:18 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-13 10:18 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-01 20:02 . 2009-08-28 10:23 135032 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-09-01 16:08 . 2008-06-28 07:00 -------- d-----w- c:\program files\SpyZooka
    2009-08-31 17:13 . 2008-08-12 17:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-28 19:56 . 2008-06-28 19:58 -------- d-----w- c:\users\ricky\AppData\Roaming\Spyzooka
    2009-08-28 10:20 . 2007-12-10 20:24 -------- d-----w- c:\users\ricky\AppData\Roaming\Virgin Broadband
    2009-08-28 10:14 . 2007-12-10 20:24 -------- d-----w- c:\program files\Virgin Broadband
    2009-08-28 10:14 . 2007-12-10 20:24 -------- d-----w- c:\programdata\Virgin Broadband
    2009-08-28 10:14 . 2007-05-03 03:19 -------- d-----w- c:\program files\InstallShield Installation Information
    2009-08-16 11:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-01 15:10 . 2008-03-08 20:52 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-29 16:19 . 2008-05-02 09:03 -------- d-----w- c:\users\ricky\AppData\Roaming\OpenOffice.org2
    2009-07-29 16:15 . 2008-05-02 09:04 1 ----a-w- c:\users\ricky\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-07-22 11:20 . 2009-03-20 10:58 -------- d-----w- c:\users\ricky\AppData\Roaming\Spotify
    2009-07-21 21:52 . 2009-07-31 12:31 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-31 12:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-31 12:31 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-31 12:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-06-17 09:30 . 2009-04-18 12:14 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2009-06-15 15:24 . 2009-07-15 16:54 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:20 . 2009-07-15 16:54 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-07-15 16:54 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:52 . 2009-07-15 16:54 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-06-10 10:10 . 2009-05-26 12:53 680 ----a-w- c:\users\ricky\AppData\Local\d3d9caps.dat
    2009-06-09 11:34 . 2009-06-09 11:34 25214 ----a-r- c:\users\ricky\AppData\Roaming\Microsoft\Installer\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
    2009-06-09 11:34 . 2009-06-09 11:34 25214 ----a-r- c:\users\ricky\AppData\Roaming\Microsoft\Installer\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}\PHDM2009S_985F828E0E98429F9C05EF3BDE7568F7.exe
    2009-06-09 11:34 . 2009-06-09 11:34 10134 ----a-r- c:\users\ricky\AppData\Roaming\Microsoft\Installer\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}\ARPPRODUCTICON.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oodishi]
    @="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
    [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
    2007-11-29 00:11 111872 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]
    "V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-13 457728]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
    "DiscWizardMonitor.exe"="D:\DiscWizardMonitor.exe" [2008-06-24 1325848]
    "AcronisTimounterMonitor"="D:\TimounterMonitor.exe" [2008-06-24 904768]
    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-20 68592]
    "Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\users\ricky\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-4 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
    backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "kdx"=c:\program files\Kontiki\KHost.exe -all
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "JFSW2Launch"=c:\users\ricky\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
    "Eraser"=d:\eraser\Eraser.exe -hide
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "Google Update"="c:\users\ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "4oD"="c:\program files\Kontiki\KHost.exe" -all
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    "Skytel"=Skytel.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
    "RtHDVCpl"=RtHDVCpl.exe
    "Performance Center"=c:\program files\Ascentive\Performance Center\ApcMain.exe -m
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "MSConfig"="c:\windows\System32\msconfig.exe" /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1972994496-191894681-3689757596-1003]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FDB0D729-BA62-4C77-8638-746EF056C039}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "TCP Query User{1DEA81B7-AF88-4713-9270-47739FEA41D7}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
    "UDP Query User{0B1D35B6-23F8-450B-B554-8C4470C123B6}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
    "{CC12B615-FD9E-4BF4-BA93-4DB79AF8A2A4}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{F6107757-D871-4163-A7F7-9B9D0315026A}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "TCP Query User{C3247BB2-52B8-4285-8035-02949D087F56}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{1F974184-4D69-4F53-9947-149B02116218}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{84573D15-B8E5-46CA-A4D4-4B482C5E6B56}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{2F52DE9F-EC85-4253-8D0B-F1881BBF39B6}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{9C2A8F54-F64A-474B-8B3A-688221C47C58}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{B61844DB-1082-44F2-B744-BE1BD09B979E}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "TCP Query User{A5DA5E01-7984-44D4-A9A9-01C6D45BDD4F}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
    "UDP Query User{CDD4750F-25AA-488C-9867-917E976C9EE9}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
    "{C11B70F9-B891-44F1-BEF9-C550E2629534}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{F72E0B4B-ACC4-4FEA-8BFF-3502AD75210E}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "TCP Query User{4E713FD3-5F98-4D9D-BCF0-0690B5783C6C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5AAF3438-539F-4794-B291-AF3C1BF9930E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{C03F452C-D875-4013-B8A6-C35CE75B026F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4D3B0B5D-5E2E-4589-91F7-40CF56F9280A}"= UDP:c:\program files\SpyZooka\SpyZookaLdr.exe:SpyZooka 2.5
    "{C824D7F2-F4E4-47BD-BBA9-2E45AE3F93AB}"= TCP:c:\program files\SpyZooka\SpyZookaLdr.exe:SpyZooka 2.5
    "{852337EF-013C-40EE-842C-D81B053AB7B6}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{6C2C1527-2436-4D74-86A2-C13080967CFA}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{382D5DB8-BC09-4434-B70A-D4AD3AEA7299}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{9AAF9BDD-0CE4-4FFC-8C2B-76B3054559BC}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "TCP Query User{C469E814-EDDF-40D9-859E-B5F0610D7B94}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "UDP Query User{7E26AA99-4189-4C0D-AB5D-7AB5976E54E1}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "TCP Query User{ECF95C4E-4A1C-44D8-A920-A2A60C94E1AE}c:\\program files\\sony ericsson\\new folder\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\new folder\update service\update service.exe:Update Service
    "UDP Query User{39CBF34E-6BCC-4700-B92F-43343AB79E50}c:\\program files\\sony ericsson\\new folder\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\new folder\update service\update service.exe:Update Service
    "TCP Query User{2B52019B-B76D-43B1-B53A-C08EDB42BA52}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
    "UDP Query User{FAF3EA4D-50CC-4AB8-BA2F-B312443CE22E}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
    "{1AB00EEB-A38C-4EF0-A65D-7CF05BE3D1DA}"= UDP:c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe:Live Mesh Remote Desktop
    "{8A9C1795-E34E-4A2B-BE32-F7856D595CA3}"= TCP:c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe:Live Mesh Remote Desktop
    "{166C9EDD-66C7-4D4E-879A-AA6BDE5F7CB6}"= UDP:c:\users\ricky\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe:Live Mesh
    "{8208F557-551A-40E8-A6C8-FB5B1874CA26}"= TCP:c:\users\ricky\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe:Live Mesh
    "{ABA76F6E-696C-4F53-90F0-56017EE0FAF4}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{C94ADED9-8B3B-4DBC-B137-90238FA89CB9}d:\\zattoo\\zattood.exe"= UDP:d:\zattoo\zattood.exe:zattood
    "UDP Query User{4BF0BF6F-87A1-437D-B878-7BB5F6A32082}d:\\zattoo\\zattood.exe"= TCP:d:\zattoo\zattood.exe:zattood
    "{E91CE3E4-295E-405D-8A44-BC3A46103B49}"= UDP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{89E37C4B-4A7A-448A-8091-5E56E9884DBF}"= TCP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{6A8A0D48-2609-47AD-9116-6DFA7C923EDE}"= UDP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{17417811-139B-45AF-AF43-6D32813E7430}"= TCP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{518CDBE0-0953-40A8-9269-BF5753D3808C}"= UDP:d:\limewire\LimeWire.exe:LimeWire
    "{EBDDD01E-8CDF-472E-BEA7-D2804FB18A43}"= TCP:d:\limewire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 hotcore3;Hotcore helper;c:\windows\System32\drivers\hotcore3.sys [09/06/2009 12:34 40496]
    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [03/04/2007 18:04 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [03/04/2007 00:11 35712]
    R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\System32\drivers\oodisr.sys [29/11/2007 01:17 93192]
    R0 oodisrh;oodisrh;c:\windows\System32\drivers\oodisrh.sys [29/11/2007 01:17 28168]
    R0 oodivd;O&O DiskImage Virtual Disk Driver;c:\windows\System32\drivers\oodivd.sys [29/11/2007 01:17 127496]
    R0 oodivdh;oodivdh;c:\windows\System32\drivers\oodivdh.sys [29/11/2007 01:18 26632]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]
    R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
    R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [24/06/2008 19:56 431384]
    R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [01/12/2008 16:25 42304]
    R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
    R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [14/11/2008 18:28 161304]
    R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [14/11/2008 18:28 29720]
    R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [14/11/2008 18:28 29248]
    R3 RDPDISPM;RDPDISPM;c:\windows\System32\drivers\rdpdispm.sys [11/12/2008 14:06 10056]
    S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [01/12/2007 15:51 264320]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [01/04/2009 14:52 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [03/09/2008 23:15 33752]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [22/08/2008 23:49 13352]
    S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
    S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\System32\drivers\pixmcvc.sys [03/06/2004 22:10 33792]
    S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\System32\drivers\pixmcva.sys [20/03/2004 06:27 38144]
    S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\System32\drivers\pixmcvv.sys [27/03/2004 02:56 32768]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 175184]
    S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 14:54 52080]
    S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [01/01/2008 21:44 80744]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972994496-191894681-3689757596-1003.job
    - c:\users\ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-10 13:04]

    2009-05-13 c:\windows\Tasks\SendPhotos Download from Web.job
    - c:\program files\Avanquest\Avanquest SendPhotos\PhotoSync.exe [2009-05-12 16:53]

    2009-05-13 c:\windows\Tasks\SendPhotos Send to Web.job
    - c:\program files\Avanquest\Avanquest SendPhotos\PhotoBackup.exe [2009-05-12 16:53]

    2009-09-02 c:\windows\Tasks\User_Feed_Synchronization-{95F3B5FB-F483-44D7-BF6A-4DC6F76F6616}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-31 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\ricky\AppData\Roaming\Mozilla\Firefox\Profiles\qmh8qvj3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
    FF - component: c:\users\ricky\AppData\Roaming\Mozilla\Firefox\Profiles\qmh8qvj3.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    FF - component: c:\users\ricky\AppData\Roaming\Mozilla\Firefox\Profiles\qmh8qvj3.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\ricky\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\users\ricky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-02 13:34
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(952)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'lsass.exe'(972)
    c:\windows\system32\eNetHook.dll
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2009-09-02 13:40
    ComboFix-quarantined-files.txt 2009-09-02 12:40

    Pre-Run: 854,839,296 bytes free
    Post-Run: 6,008,889,344 bytes free

    323 --- E O F --- 2009-08-31 08:54

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:40, on 02/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Virgin Broadband\PCguard\rps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
    C:\Program Files\Launch Manager\LManager.exe
    D:\DiscWizardMonitor.exe
    C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
    D:\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Users\ricky\Gmail Notifier\gnotify.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] D:\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Users\ricky\Gmail Notifier\gnotify.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [V Stuff Backup] "C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" /delayed
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: Virgin Broadband PCguard (Radialpoint Security Services) - Radialpoint SafeCare Inc. - C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
    O23 - Service: Virgin Broadband PCguard SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10731 bytes
     
  11. 2009/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure what's going on with your hard drive space, but you have to try to keep at least 15% free (I don't know how big your hard drive is).

    In any case, I'd like you to run Norton Removal Tool.
    Then uninstall PC Guard, and install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    After installation, update the AV program and run a full scan.

    When done, re-run ComboFix and HJT.
    Post both logs.
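
    The checklist in the post above (one antivirus, one firewall; Windows Firewall on with Avira or Avast, off with Comodo) can be verified instead of guessed at. The script below is an added example and is not from the thread, from ComboFix, or from any of the products mentioned. It assumes Windows Vista or later (for the `root\SecurityCenter2` WMI namespace and the `HNetCfg.FwPolicy2` COM object), an elevated PowerShell prompt, and it decodes the undocumented `productState` field using the interpretation that is commonly relied on, not a Microsoft-documented contract.

```powershell
# Added example (not from the thread): read-only report of what Security Center and the
# Windows Firewall think is installed, to confirm "one AV + one firewall" after the
# Norton Removal Tool / PCguard uninstall / Comodo (or Avira/Avast) install steps.
# Assumptions: Windows Vista or later (root\SecurityCenter2, HNetCfg.FwPolicy2), run from an
# elevated PowerShell prompt. Written for PowerShell 2.0 so it also runs on a Vista-era box.

function Get-SecurityCenterProducts {
    # Every AV / firewall / antispyware product that registered with Security Center.
    # A badly uninstalled product (a Norton/Symantec leftover, say) can still be listed here,
    # which is one way an incomplete removal shows up.
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
        $items = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue)
        foreach ($p in $items) {
            # productState is an undocumented bit field; the widely used reading is:
            # middle byte 10/11 = enabled, 00/01 = disabled; last byte 00 = up to date, 10 = stale.
            $hex = '{0:X6}' -f [int]$p.productState
            New-Object PSObject -Property @{
                Class    = $class
                Name     = $p.displayName
                Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))
                UpToDate = ($hex.Substring(4, 2) -eq '00')
                Path     = $p.pathToSignedProductExe
            }
        }
    }
}

function Get-WindowsFirewallState {
    # Windows Firewall on/off per profile via the firewall policy COM object.
    # Profile ids are NET_FW_PROFILE_TYPE2: 1 = Domain, 2 = Private, 4 = Public.
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $names = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    foreach ($id in 1, 2, 4) {
        New-Object PSObject -Property @{
            Profile = $names[$id]
            Enabled = [bool]$fw.FirewallEnabled($id)
        }
    }
}

function Get-SecurityCenterOverrides {
    # Vendors write DisableMonitoring=1 under these keys to stop Security Center alerting
    # about their product. Entries left behind after an uninstall keep that suppression in
    # place for a product that is no longer there.
    $root = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (-not (Test-Path $root)) { return }
    foreach ($key in @(Get-Item $root) + @(Get-ChildItem $root)) {
        $v = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).DisableMonitoring
        if ($v -eq 1) {
            New-Object PSObject -Property @{ Key = $key.PSChildName; DisableMonitoring = $v }
        }
    }
}

$products = @(Get-SecurityCenterProducts)
"== Security Center products =="
$products | Format-Table Class, Name, Enabled, UpToDate -AutoSize | Out-String
"== Windows Firewall profiles =="
Get-WindowsFirewallState | Format-Table Profile, Enabled -AutoSize | Out-String
"== Security Center monitoring overrides (DisableMonitoring=1) =="
Get-SecurityCenterOverrides | Format-Table Key, DisableMonitoring -AutoSize | Out-String

# The rule from the post: exactly one enabled AV, and exactly one firewall in total
# (either Windows Firewall or one third-party product, never both).
foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
    $n = @($products | Where-Object { $_.Class -eq $class -and $_.Enabled }).Count
    if ($n -gt 1) { Write-Warning "$n enabled products registered as $class; keep exactly one." }
}
$winfw   = @(Get-WindowsFirewallState | Where-Object { $_.Enabled }).Count
$thirdfw = @($products | Where-Object { $_.Class -eq 'FirewallProduct' -and $_.Enabled }).Count
if ($winfw -gt 0 -and $thirdfw -gt 0) { Write-Warning 'Windows Firewall is on alongside a third-party firewall; turn one off.' }
if ($winfw -eq 0 -and $thirdfw -eq 0) { Write-Warning 'No firewall is enabled.' }
```

    Run it after the reinstall. With Comodo you expect Comodo listed once under FirewallProduct and all three Windows Firewall profiles reporting False; with Avira or Avast you expect no third-party firewall and the profiles reporting True. Leftover `DisableMonitoring` keys from a removed product (the Symantec entries that appear in the ComboFix log posted later in this thread are an example) keep Security Center quiet about a vendor that is no longer installed, and are worth clearing along with the product.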
     
  12. 2009/09/03
    rickybur

    rickybur Inactive Thread Starter

    Joined:
    2009/08/29
    Messages:
    14
    Likes Received:
    0
    trojan-proxy.win32.fackemo.v

    I have done what you asked me to do and have used Comodo AV and firewall. Windows firewall seems to have re-established itself; is this alright, as you asked me to turn it off when installing Comodo? Here are those logs, and I've put in the results of the AV scan. Thanks.

    ComboFix 09-09-02.02 - ricky 03/09/2009 13:57.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2301.1134 [GMT 1:00]
    Running from: c:\users\ricky\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
    .

    2009-09-03 13:14 . 2009-09-03 13:14 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2009-09-03 13:14 . 2009-09-03 13:14 -------- d-----w- c:\users\TEMP.ricky-PC\AppData\Local\temp
    2009-09-03 13:14 . 2009-09-03 13:14 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-09-03 13:14 . 2009-09-03 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-03 08:52 . 2009-09-03 12:47 145328 ----a-w- c:\windows\system32\drivers\sfi.dat
    2009-09-03 08:47 . 2009-09-03 08:47 -------- d-----w- c:\users\ricky\AppData\Local\Comodo
    2009-09-03 08:47 . 2009-09-03 08:47 -------- d-----w- c:\users\ricky\AppData\Roaming\Comodo
    2009-09-03 08:47 . 2009-09-03 08:47 -------- d-----w- c:\program files\Comodo
    2009-09-03 08:42 . 2009-09-03 08:56 -------- d-----w- c:\programdata\Comodo
    2009-09-03 08:42 . 2009-09-03 08:42 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
    2009-09-03 08:42 . 2009-09-03 08:42 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2009-09-03 08:42 . 2009-09-03 08:42 179792 ----a-w- c:\windows\system32\guard32.dll
    2009-09-03 08:42 . 2009-09-03 08:42 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2009-09-03 06:18 . 2009-09-03 06:18 -------- d-----w- c:\programdata\NortonInstaller
    2009-08-31 18:44 . 2009-08-31 18:44 -------- d-----w- c:\users\ricky\Gmail Notifier
    2009-08-28 10:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-28 10:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-28 10:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-28 10:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-28 10:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-28 10:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-28 10:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-28 10:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-28 10:23 . 2009-09-03 08:36 10357792 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-28 10:06 . 2009-08-28 10:08 81348096 ----a-w- c:\users\ricky\AppData\Roaming\Virgin Broadband\advisor\downloads\PCguard_8.41.exe.dir\PCguard_8.exe
    2009-08-28 09:09 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-13 10:18 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-13 10:18 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-08-13 10:18 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-08-13 10:18 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-08-13 10:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-13 10:18 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-13 10:18 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-13 10:18 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-03 08:49 . 2008-01-08 21:15 -------- d-----w- c:\programdata\Kontiki
    2009-09-03 08:36 . 2009-08-28 10:23 140576 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-09-03 08:35 . 2007-12-10 20:24 -------- d-----w- c:\programdata\Virgin Broadband
    2009-09-03 08:35 . 2007-12-10 20:24 -------- d-----w- c:\users\ricky\AppData\Roaming\Virgin Broadband
    2009-09-03 06:20 . 2007-05-04 22:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-09-01 16:08 . 2008-06-28 07:00 -------- d-----w- c:\program files\SpyZooka
    2009-08-31 17:13 . 2008-08-12 17:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-28 19:56 . 2008-06-28 19:58 -------- d-----w- c:\users\ricky\AppData\Roaming\Spyzooka
    2009-08-28 10:14 . 2007-05-03 03:19 -------- d-----w- c:\program files\InstallShield Installation Information
    2009-08-16 11:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-01 15:10 . 2008-03-08 20:52 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-29 16:19 . 2008-05-02 09:03 -------- d-----w- c:\users\ricky\AppData\Roaming\OpenOffice.org2
    2009-07-29 16:15 . 2008-05-02 09:04 1 ----a-w- c:\users\ricky\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-07-22 11:20 . 2009-03-20 10:58 -------- d-----w- c:\users\ricky\AppData\Roaming\Spotify
    2009-07-21 21:52 . 2009-07-31 12:31 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-31 12:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-31 12:31 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-31 12:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-06-17 09:30 . 2009-04-18 12:14 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2009-06-15 15:24 . 2009-07-15 16:54 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:20 . 2009-07-15 16:54 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-07-15 16:54 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:52 . 2009-07-15 16:54 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-06-10 10:10 . 2009-05-26 12:53 680 ----a-w- c:\users\ricky\AppData\Local\d3d9caps.dat
    2009-06-09 11:34 . 2009-06-09 11:34 25214 ----a-r- c:\users\ricky\AppData\Roaming\Microsoft\Installer\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
    2009-06-09 11:34 . 2009-06-09 11:34 25214 ----a-r- c:\users\ricky\AppData\Roaming\Microsoft\Installer\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}\PHDM2009S_985F828E0E98429F9C05EF3BDE7568F7.exe
    2009-06-09 11:34 . 2009-06-09 11:34 10134 ----a-r- c:\users\ricky\AppData\Roaming\Microsoft\Installer\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}\ARPPRODUCTICON.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-02_12.35.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-03 03:20 . 2009-09-03 09:11 90222 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-09-07 04:11 . 2009-09-03 09:11 20190 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1972994496-191894681-3689757596-1003_UserData.bin
    + 2009-09-03 08:42 . 2009-09-03 08:42 74328 c:\windows\System32\DriverStore\FileRepository\inspect.inf_9db18a86\inspect.sys
    - 2007-09-07 04:04 . 2009-09-02 11:46 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-09-07 04:04 . 2009-09-03 12:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-09-07 04:04 . 2009-09-02 11:46 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-09-07 04:04 . 2009-09-03 12:50 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-09-07 04:04 . 2009-09-02 11:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-09-07 04:04 . 2009-09-03 12:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 10:25 . 2009-08-28 10:17 86016 c:\windows\inf\infpub.dat
    + 2006-11-02 10:25 . 2009-09-03 08:47 86016 c:\windows\inf\infpub.dat
    + 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\AcRes.dll
    + 2008-06-02 18:27 . 2008-03-08 01:58 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\AcRes.dll
    + 2009-09-03 09:07 . 2009-09-03 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-09-02 09:56 . 2009-09-02 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-09-02 09:56 . 2009-09-02 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-09-03 09:07 . 2009-09-03 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 13:05 . 2009-09-03 09:11 118080 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-09-10 18:59 . 2009-09-03 08:36 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2007-09-10 18:59 . 2009-08-28 10:22 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2007-09-10 18:58 . 2009-09-03 08:36 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2007-09-10 18:58 . 2009-08-28 10:22 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2006-11-02 10:25 . 2009-09-03 08:47 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2009-08-28 10:17 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2009-08-28 10:17 143360 c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-09-03 08:47 143360 c:\windows\inf\infstor.dat
    + 2008-06-02 18:28 . 2008-03-08 04:21 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\gameux.dll
    + 2006-11-02 10:22 . 2009-09-03 06:10 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2006-11-02 10:22 . 2009-08-29 12:05 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-06-11 19:04 . 2009-09-03 06:09 72018686 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oodishi]
    @= "{14A94384-BBED-47ed-86C0-6BF63FD892D0} "
    [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
    2007-11-29 00:11 111872 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]
    "V Stuff Backup "= "c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-13 457728]
    "LManager "= "c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
    "DiscWizardMonitor.exe "= "D:\DiscWizardMonitor.exe" [2008-06-24 1325848]
    "AcronisTimounterMonitor "= "D:\TimounterMonitor.exe" [2008-06-24 904768]
    "Seagate Scheduler2 Service "= "c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Google Quick Search Box "= "c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-20 68592]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "c:\users\ricky\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "COMODO Internet Security "= "d:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-09-03 1796368]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-4 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\eNetHook.dll c:\windows\System32\guard32.dll c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
    backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "kdx "=c:\program files\Kontiki\KHost.exe -all
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
    "Sony Ericsson PC Suite "= "c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    "ehTray.exe "=c:\windows\ehome\ehTray.exe
    "WMPNSCFG "=c:\program files\Windows Media Player\WMPNSCFG.exe
    "JFSW2Launch "=c:\users\ricky\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
    "Eraser "=d:\eraser\Eraser.exe -hide
    "swg "=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "Google Update "= "c:\users\ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "4oD "= "c:\program files\Kontiki\KHost.exe" -all
    "basicsmssmenu "= "c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe "
    "Skytel "=Skytel.exe
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    "SynTPEnh "=c:\program files\Synaptics\SynTP\SynTPEnh.exe
    "RtHDVCpl "=RtHDVCpl.exe
    "Performance Center "=c:\program files\Ascentive\Performance Center\ApcMain.exe -m
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe "
    "MSConfig "= "c:\windows\System32\msconfig.exe" /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1972994496-191894681-3689757596-1003]
    "EnableNotificationsRef "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FDB0D729-BA62-4C77-8638-746EF056C039} "= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "TCP Query User{1DEA81B7-AF88-4713-9270-47739FEA41D7}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe "= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
    "UDP Query User{0B1D35B6-23F8-450B-B554-8C4470C123B6}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe "= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
    "{CC12B615-FD9E-4BF4-BA93-4DB79AF8A2A4} "= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{F6107757-D871-4163-A7F7-9B9D0315026A} "= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "TCP Query User{C3247BB2-52B8-4285-8035-02949D087F56}c:\\program files\\bitcomet\\bitcomet.exe "= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{1F974184-4D69-4F53-9947-149B02116218}c:\\program files\\bitcomet\\bitcomet.exe "= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{84573D15-B8E5-46CA-A4D4-4B482C5E6B56}c:\\program files\\bitcomet\\bitcomet.exe "= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{2F52DE9F-EC85-4253-8D0B-F1881BBF39B6}c:\\program files\\bitcomet\\bitcomet.exe "= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{9C2A8F54-F64A-474B-8B3A-688221C47C58} "= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{B61844DB-1082-44F2-B744-BE1BD09B979E} "= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "TCP Query User{A5DA5E01-7984-44D4-A9A9-01C6D45BDD4F}c:\\program files\\kontiki\\khost.exe "= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
    "UDP Query User{CDD4750F-25AA-488C-9867-917E976C9EE9}c:\\program files\\kontiki\\khost.exe "= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
    "{C11B70F9-B891-44F1-BEF9-C550E2629534} "= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{F72E0B4B-ACC4-4FEA-8BFF-3502AD75210E} "= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "TCP Query User{4E713FD3-5F98-4D9D-BCF0-0690B5783C6C}c:\\program files\\internet explorer\\iexplore.exe "= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5AAF3438-539F-4794-B291-AF3C1BF9930E}c:\\program files\\internet explorer\\iexplore.exe "= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{C03F452C-D875-4013-B8A6-C35CE75B026F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4D3B0B5D-5E2E-4589-91F7-40CF56F9280A} "= UDP:c:\program files\SpyZooka\SpyZookaLdr.exe:SpyZooka 2.5
    "{C824D7F2-F4E4-47BD-BBA9-2E45AE3F93AB} "= TCP:c:\program files\SpyZooka\SpyZookaLdr.exe:SpyZooka 2.5
    "{852337EF-013C-40EE-842C-D81B053AB7B6} "= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{6C2C1527-2436-4D74-86A2-C13080967CFA} "= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{382D5DB8-BC09-4434-B70A-D4AD3AEA7299} "= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{9AAF9BDD-0CE4-4FFC-8C2B-76B3054559BC} "= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "TCP Query User{C469E814-EDDF-40D9-859E-B5F0610D7B94}c:\\program files\\sony ericsson\\update service\\update service.exe "= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "UDP Query User{7E26AA99-4189-4C0D-AB5D-7AB5976E54E1}c:\\program files\\sony ericsson\\update service\\update service.exe "= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "TCP Query User{ECF95C4E-4A1C-44D8-A920-A2A60C94E1AE}c:\\program files\\sony ericsson\\new folder\\update service\\update service.exe "= UDP:c:\program files\sony ericsson\new folder\update service\update service.exe:Update Service
    "UDP Query User{39CBF34E-6BCC-4700-B92F-43343AB79E50}c:\\program files\\sony ericsson\\new folder\\update service\\update service.exe "= TCP:c:\program files\sony ericsson\new folder\update service\update service.exe:Update Service
    "TCP Query User{2B52019B-B76D-43B1-B53A-C08EDB42BA52}c:\\program files\\spotify\\spotify.exe "= UDP:c:\program files\spotify\spotify.exe:Spotify
    "UDP Query User{FAF3EA4D-50CC-4AB8-BA2F-B312443CE22E}c:\\program files\\spotify\\spotify.exe "= TCP:c:\program files\spotify\spotify.exe:Spotify
    "{1AB00EEB-A38C-4EF0-A65D-7CF05BE3D1DA} "= UDP:c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe:Live Mesh Remote Desktop
    "{8A9C1795-E34E-4A2B-BE32-F7856D595CA3} "= TCP:c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe:Live Mesh Remote Desktop
    "{166C9EDD-66C7-4D4E-879A-AA6BDE5F7CB6} "= UDP:c:\users\ricky\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe:Live Mesh
    "{8208F557-551A-40E8-A6C8-FB5B1874CA26} "= TCP:c:\users\ricky\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe:Live Mesh
    "{ABA76F6E-696C-4F53-90F0-56017EE0FAF4} "= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{C94ADED9-8B3B-4DBC-B137-90238FA89CB9}d:\\zattoo\\zattood.exe "= UDP:d:\zattoo\zattood.exe:zattood
    "UDP Query User{4BF0BF6F-87A1-437D-B878-7BB5F6A32082}d:\\zattoo\\zattood.exe "= TCP:d:\zattoo\zattood.exe:zattood
    "{E91CE3E4-295E-405D-8A44-BC3A46103B49} "= UDP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{89E37C4B-4A7A-448A-8091-5E56E9884DBF} "= TCP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{6A8A0D48-2609-47AD-9116-6DFA7C923EDE} "= UDP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{17417811-139B-45AF-AF43-6D32813E7430} "= TCP:c:\users\ricky\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{518CDBE0-0953-40A8-9269-BF5753D3808C} "= UDP:d:\limewire\LimeWire.exe:LimeWire
    "{EBDDD01E-8CDF-472E-BEA7-D2804FB18A43} "= TCP:d:\limewire\LimeWire.exe:LimeWire
    "{CA9DA553-605A-44E6-8E4B-9742171BCC4E} "= UDP:c:\users\ricky\AppData\Local\Temp\7zSAFDE.tmp\SymNRT.exe:Norton Removal Tool
    "{FCA8BAF7-6236-4A50-BDC6-67FFF79CB67C} "= TCP:c:\users\ricky\AppData\Local\Temp\7zSAFDE.tmp\SymNRT.exe:Norton Removal Tool

    R0 hotcore3;Hotcore helper;c:\windows\System32\drivers\hotcore3.sys [09/06/2009 12:34 40496]
    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [03/04/2007 18:04 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [03/04/2007 00:11 35712]
    R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\System32\drivers\oodisr.sys [29/11/2007 01:17 93192]
    R0 oodisrh;oodisrh;c:\windows\System32\drivers\oodisrh.sys [29/11/2007 01:17 28168]
    R0 oodivd;O&O DiskImage Virtual Disk Driver;c:\windows\System32\drivers\oodivd.sys [29/11/2007 01:17 127496]
    R0 oodivdh;oodivdh;c:\windows\System32\drivers\oodivdh.sys [29/11/2007 01:18 26632]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [03/09/2009 09:42 128888]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [03/09/2009 09:42 29520]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [24/06/2008 19:56 431384]
    R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [01/12/2008 16:25 42304]
    R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
    R3 RDPDISPM;RDPDISPM;c:\windows\System32\drivers\rdpdispm.sys [11/12/2008 14:06 10056]
    S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [01/12/2007 15:51 264320]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [01/04/2009 14:52 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [03/09/2008 23:15 33752]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [22/08/2008 23:49 13352]
    S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\System32\drivers\pixmcvc.sys [03/06/2004 22:10 33792]
    S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\System32\drivers\pixmcva.sys [20/03/2004 06:27 38144]
    S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\System32\drivers\pixmcvv.sys [27/03/2004 02:56 32768]
    S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 14:54 52080]
    S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [01/01/2008 21:44 80744]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972994496-191894681-3689757596-1003.job
    - c:\users\ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-10 13:04]

    2009-05-13 c:\windows\Tasks\SendPhotos Download from Web.job
    - c:\program files\Avanquest\Avanquest SendPhotos\PhotoSync.exe [2009-05-12 16:53]

    2009-05-13 c:\windows\Tasks\SendPhotos Send to Web.job
    - c:\program files\Avanquest\Avanquest SendPhotos\PhotoBackup.exe [2009-05-12 16:53]

    2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{95F3B5FB-F483-44D7-BF6A-4DC6F76F6616}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-31 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
    FF - ProfilePath - c:\users\ricky\AppData\Roaming\Mozilla\Firefox\Profiles\qmh8qvj3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
    FF - component: c:\users\ricky\AppData\Roaming\Mozilla\Firefox\Profiles\qmh8qvj3.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    FF - component: c:\users\ricky\AppData\Roaming\Mozilla\Firefox\Profiles\qmh8qvj3.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\ricky\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\users\ricky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-03 14:17
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\System32\eNetHook.dll
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(932)
    c:\windows\System32\eNetHook.dll
    c:\windows\system32\guard32.dll
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(5472)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\program files\OO Software\DiskImage\oodishi.dll
    c:\program files\OO Software\DiskImage\oodishrs.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Completion time: 2009-09-03 14:22
    ComboFix-quarantined-files.txt 2009-09-03 13:22
    ComboFix2.txt 2009-09-02 12:40

    Pre-Run: 1,682,116,608 bytes free
    Post-Run: 3,123,949,568 bytes free

    360 --- E O F --- 2009-09-03 06:06

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:28:56, on 03/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\DiscWizardMonitor.exe
    D:\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    D:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] D:\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Users\ricky\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [V Stuff Backup] "C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" /delayed
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll C:\Windows\System32\guard32.dll C:\Windows\System32\eNetHook.dll
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9411 bytes

    Here is the Comodo AV scan:

    UnclassifiedMalware@19391321 C:\Program Files\Ascentive\Performance Center\APCLang.dll
    UnclassifiedMalware@20779362 C:\Program Files\Ascentive\Performance Center\ApcMain.exe
    Heur.Suspicious@30736863 C:\System Volume Information\SystemRestore\FRStaging\Users\ricky\AppData\Roaming\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
    UnclassifiedMalware@8301931 C:\Users\ricky\AppData\Local\VirtualStore\ProgramData\Symantec\LiveUpdate\Downloads\1196745071jtun_firstexpirationpif.x00|pifCrawl.exe
    Heur.Suspicious@30736863 C:\Users\ricky\AppData\Roaming\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
    ApplicUnsaf.Win32.Hide.~AB@5325787 C:\Users\ricky\Desktop\ComboFix.exe
    Application.Win32.Nircmd.~@16774100 C:\Users\ricky\Desktop\ComboFix.exe
    Application.Win32.Nircmd.~@16774100 C:\Users\ricky\Desktop\ComboFix.exe
    Application.Win32.Nircmd.~@16774100 C:\Users\ricky\Desktop\ComboFix.exe
    Application.Win32.Nircmd.~@16774100 C:\Windows\NIRCMD.exe
    Heur.Suspicious@19398682 C:\Windows\System32\TripAdvisor\ScreenSaver\uninstall.exe
     
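    The HijackThis log above is what the helper reads by hand. As an added example (not code from the thread and not HijackThis's own), here is a small Python triage script that parses lines in that log format and flags the entry types a reviewer looks at first; its sample lines are copied from the log above plus one constructed R1 ProxyServer line, and the flagging rules are this example's own heuristics, so a flag means "look at this", not "this is malware".

```python
"""Triage a HijackThis v2 log.

Added example (not HijackThis code and not from the thread): parse the
"Oxx - ..." / "Rx - ..." entry lines and flag the entry types a
malware-removal helper reviews first. The rules are this example's own
heuristics; a flag means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed R1 ProxyServer line (not in the posted log) so that the proxy
# check has something to fire on.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Users\ricky\Gmail Notifier\gnotify.exe
O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll C:\Windows\System32\guard32.dll C:\Windows\System32\eNetHook.dll
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> code "O4", body "HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Autostart targets living here deserve a look: installers normally put
# programs under Program Files, while droppers favour profile and temp paths.
USER_PATH_MARKERS = ("c:\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O20"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def parse_entries(text):
    """Return (code, body, line) for every well-formed entry line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def triage(text):
    """Apply the review heuristics and return the flagged entries in log order."""
    findings = []
    for code, body, line in parse_entries(text):
        if code == "R1" and "ProxyServer" in body:
            findings.append(Finding(code, "browser proxy configured; a proxy trojan would set this", line))
        elif code == "O1" and "localhost" not in body:
            findings.append(Finding(code, "hosts-file override of a non-local name", line))
        elif code == "O3" and body.endswith("(no file)"):
            findings.append(Finding(code, "orphaned toolbar entry, target file missing", line))
        elif code == "O4":
            # The command follows the closing bracket of the [value name].
            m = re.search(r"\]\s*(.*)$", body)
            cmd = m.group(1).lower() if m else ""
            if any(marker in cmd for marker in USER_PATH_MARKERS):
                findings.append(Finding(code, "autostart from a user-profile or temp path", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # maxsplit=1 so the drive-letter colons inside the paths survive.
            dlls = body.split(":", 1)[1].split()
            dups = len(dlls) - len({d.lower() for d in dlls})
            findings.append(Finding(code, f"{len(dlls)} DLL(s) loaded into every process that uses user32.dll, {dups} duplicate", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service with no publisher name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>4}  {f.reason}\n      {f.line}")
```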
  13. 2009/09/03
    broni Moderator Malware Analyst

    No, you have to turn it off.

    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between "combofix" and "/u".
    Restart computer.

    ==================================================================

    Unless you willingly installed Kontiki Player....
    Go Start > Control Panel > Add\Remove ("Programs and Features" in Vista), and uninstall Sky Anytime (if present).
    Download and run KClean.exe (http://static.sky.com/kclean/KClean.exe) to remove Kontiki from your computer.
    NOTE: Kontiki is a known resource hog.

    =================================================================

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv.
    • Close Dr.Web CureIt.
    • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking the X in the upper right corner.


    Post fresh HijackThis log as well.
     
  14. 2009/09/04
    rickybur

    rickybur Inactive Thread Starter

    trojan-proxy.win32.fackemo.v

    broni, sorry, but I may have jumped the gun a bit and deleted Combofix a while earlier, not uninstalled it :( Is this alright? I uninstalled Kontiki as you asked; no sign of Sky Anytime. I downloaded Dr.Web to the desktop and ran it. It came back with no viruses found, so I ran a complete scan. Not long into the scan, as it was preparing the scan, a blue screen appeared with Windows saying it closed down the computer because something may damage it. I couldn't read it all as it started to reboot on its own. I signed in, then Windows ran a chkdsk, but at 46% of stage 2 of 3 it stopped as if it froze. I waited and waited but nothing, so I turned the computer off and restarted it myself. When it was up and running again I started Dr.Web again, and again nothing was found on the express scan, so I started a complete scan again. This time it got a lot further than Documents and Settings and seemed to be going alright, so I left it running and went to bed as it seemed it would take a long time. I got up this morning and Windows had done an update and restarted the computer, so I ran it again this morning: nothing in the 1st scan. I ran the complete scan and again, as it was preparing the scan, Windows closed me down with a blue screen. It wanted to do chkdsk but I chose to skip. Now I've run the 1st scan again and nothing, but before I try the complete scan again I thought I would let you know about this. Should I have let the chkdsk run?
     
    Last edited: 2009/09/04
  15. 2009/09/04
    broni

    broni Moderator Malware Analyst

    What happened, happened. The Combofix uninstaller does pretty much the same thing. It just deletes Combofix files. In your case, the Combofix log was clean, so no harm done, but don't do this in the future.
    The reason is, sometimes Combofix may remove a good file. If you remove Combofix, there is no way to get that file back.

    The chkdsk run was most likely caused by abnormal Windows termination (BSOD), so I wouldn't worry about it.

    Please give me a fresh HJT log.
     
  16. 2009/09/05
    rickybur

    rickybur Inactive Thread Starter

    trojan-proxy.win32.fackemo.v

    As you asked, I ran Dr.Web. As in my last post, when scanning my computer it shut down twice before the scan could finish and chkdsk wanted to run. Well, the last scan I ran actually got to finish and found 4 viruses; it took 2 full days to finish this scan. I selected all of them and then, before I deleted them, I opened File and clicked on Save File Log or Log File, and as soon as I clicked it, Windows closed the computer down again, telling me it closed it down to prevent damage to the computer, and then wanted to run chkdsk again. Does Dr.Web save the logs anywhere on the computer? Do you want me to try and run the scan again and maybe get another log? It might take another 2 days to scan it again, though. Sorry about all this. Here is that HJT log, thanks. :confused:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:24:18, on 06/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\DiscWizardMonitor.exe
    D:\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Users\ricky\Gmail Notifier\gnotify.exe
    D:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] D:\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Users\ricky\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [V Stuff Backup] "C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" /delayed
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll C:\Windows\System32\guard32.dll C:\Windows\System32\eNetHook.dll
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9865 bytes
     
  17. 2009/09/05
    broni

    broni Moderator Malware Analyst

    It's OK. Let's see how your HJT log looks.
    How is the computer doing?
     
  18. 2009/09/05
    broni

    broni Moderator Malware Analyst

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===============================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ===========================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
    - O4 - Global Startup: Empowering Technology Launcher.lnk = ?


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
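    The two entries flagged in step 3 share a pattern HijackThis uses for targets it cannot resolve: "(no file)" after a BHO/toolbar CLSID and "= ?" after a startup shortcut. The following is an added example (not from this thread or from HijackThis) that parses the HJT entry format quoted above and picks out such orphaned entries; the sample lines are constructed from the log posted here.

```python
import re

# Constructed sample in the HijackThis v2.0.2 entry format seen in this thread.
SAMPLE_HJT = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.virginmedia.com/
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O23 - Service: eNet Service - Acer Inc. - C:\\Acer\\Empowering Technology\\eNet\\eNet Service.exe
"""

# Every HJT entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Return a list of (section, body) tuples; header lines and the
    'Running processes' list do not match the entry pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def flag_orphans(entries):
    """Return (section, clsid_or_None, body) for entries whose target is gone:
    HJT prints '(no file)' when a registered BHO/toolbar DLL is missing and
    '= ?' when a startup-folder shortcut cannot be resolved. Such entries are
    dead registrations (sometimes malware leftovers) and are safe to remove."""
    flagged = []
    for sec, body in entries:
        if body.endswith("(no file)") or body.endswith("= ?"):
            clsid = CLSID_RE.search(body)
            flagged.append((sec, clsid.group(0) if clsid else None, body))
    return flagged


if __name__ == "__main__":
    for sec, clsid, body in flag_orphans(parse_hjt(SAMPLE_HJT)):
        print(f"{sec} orphaned entry (CLSID {clsid}): {body}")
```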
     
  19. 2009/09/08
    rickybur

    rickybur Inactive Thread Starter

    trojan-proxy.win32.fackemo.v

    Broni, I have found a file named Cureit.log, but when I try to open it Notepad won't respond and then Windows searches for a solution. I tried to open it in Adobe Reader 9.0 but it still won't open for me to send to you, although the file size is 210 MB.
     
  20. 2009/09/08
    rickybur

    rickybur Inactive Thread Starter

    trojan-proxy.win32.fackemo.v

    Broni, I downloaded JavaRa and when Remove Older Versions was clicked it asked was I sure; then Comodo firewall kept coming at me with "javara.exe wants to change reg key" something or other, and it was one after the other, a terrible lot of them, so I stopped. Is it OK to do this?
     
  21. 2009/09/08
    broni

    broni Moderator Malware Analyst

    You can delete Cureit.log.

    As for Comodo:
    It goes through a learning stage. At the beginning, it'll ask you a lot of questions. With time, less and less.
    If you're dealing with a program you know is legit and safe, allow all the changes Comodo asks you about.
    Also, while installing or uninstalling programs, like in your Java case...
    BEFORE you start the uninstall, right click on Comodo, click "Open", and click on "Switch to Installation Mode".
    It'll revert itself to regular mode after a couple of minutes.
     
