
Inactive [InActive] Google Redirecting & Windows update error 0x80244019

Discussion in 'Malware and Virus Removal Archive' started by Poondash, 2008/11/03.

  1. 2008/11/03
    Poondash

    Poondash Inactive Thread Starter

    Joined:
    2008/11/03
    Messages:
    7
    Likes Received:
    0
    Hiya, as the title says, when I use search engines I get redirected away from Google to shopping sites etc. Also, at the same time this started to happen, Windows stopped updating and has the 0x80244019 error code (80244019).

    I'm not that much of a whizz on computers, but not a complete loss; any help would be much needed. I've noticed people also pop a log up; which log do I require to post?

    Cheers in advance, Neil.
     
  2. 2008/11/03
    Poondash

    Poondash Inactive Thread Starter

    Joined:
    2008/11/03
    Messages:
    7
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:29:59, on 03/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 7841 bytes
     


  4. 2008/11/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Poondash :)

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. 2008/11/09
    Poondash

    Poondash Inactive Thread Starter

    Joined:
    2008/11/03
    Messages:
    7
    Likes Received:
    0
    ComboFix 08-11-07.01 - Neil 2008-11-09 15:01:03.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.318 [GMT 0:00]
    Running from: c:\users\Neil\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\SZComp5.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
    .

    2008-11-09 14:17 . 2008-11-09 15:00 13,240 --a------ c:\windows\System32\drivers\kgpcpy.cfg
    2008-11-09 14:00 . 2008-11-09 14:45 <DIR> d-------- c:\users\All Users\SITEguard
    2008-11-09 14:00 . 2008-11-09 14:45 <DIR> d-------- c:\programdata\SITEguard
    2008-11-09 13:58 . 2008-11-09 15:00 <DIR> d-------- c:\users\All Users\STOPzilla!
    2008-11-09 13:58 . 2008-11-09 15:00 <DIR> d-------- c:\programdata\STOPzilla!
    2008-11-09 13:58 . 2008-11-09 13:58 <DIR> d-------- c:\program files\STOPzilla!
    2008-11-09 13:58 . 2008-11-09 13:58 <DIR> d-------- c:\program files\Common Files\iS3
    2008-11-09 12:07 . 2008-11-09 13:29 <DIR> d-------- c:\program files\Trillian
    2008-11-02 14:26 . 2008-11-02 14:26 <DIR> d--h----- c:\users\Neil\InstallAnywhere
    2008-11-02 14:21 . 2008-11-02 14:21 <DIR> d-------- c:\users\Neil\AppData\Roaming\InstallShield
    2008-11-02 14:07 . 2008-11-02 14:07 154,605,753 --a------ c:\windows\MEMORY.DMP
    2008-10-31 23:01 . 2008-11-02 14:36 <DIR> d-------- c:\windows\System32\catroot2
    2008-10-31 20:40 . 2008-10-31 20:40 <DIR> d-------- c:\users\Neil\AppData\Roaming\Malwarebytes
    2008-10-31 20:39 . 2008-10-31 20:39 <DIR> d-------- c:\users\All Users\Malwarebytes
    2008-10-31 20:39 . 2008-10-31 20:39 <DIR> d-------- c:\programdata\Malwarebytes
    2008-10-31 20:27 . 2008-10-31 20:27 <DIR> d-------- c:\program files\Trend Micro
    2008-10-31 20:08 . 2008-11-02 14:37 <DIR> d-------- c:\users\Neil\AppData\Roaming\SUPERAntiSpyware.com
    2008-10-31 20:08 . 2008-10-31 20:08 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2008-10-31 20:08 . 2008-10-31 20:08 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
    2008-10-23 11:01 . 2008-10-23 11:01 17,408 -ra------ c:\windows\System32\SZIO5.dll
    2008-10-23 11:00 . 2008-10-23 11:00 278,528 -ra------ c:\windows\System32\SZBase5.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-09 11:46 --------- d-----w c:\programdata\WLInstaller
    2008-11-03 19:08 1,792 ----a-w c:\users\Neil\AppData\Roaming\wklnhst.dat
    2008-11-02 14:35 --------- d-----w c:\program files\Windows Live
    2008-11-02 14:30 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-11-02 14:30 --------- d-----w c:\program files\Common Files\AOL
    2008-11-02 14:21 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-02 14:21 --------- d-----w c:\users\Neil\AppData\Roaming\FUJIFILM
    2008-11-02 14:18 --------- d-----w c:\programdata\AOL
    2008-11-02 14:17 --------- d-----w c:\users\Neil\AppData\Roaming\AOL
    2008-11-02 13:35 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-02 13:34 --------- d-----w c:\program files\Microsoft Works
    2008-10-08 14:27 49,664 ----a-r c:\windows\system32\drivers\SZKG.sys
    2008-09-29 14:08 364,544 ----a-r c:\windows\System32\IS3DBA5.dll
    2008-09-29 14:08 126,976 ----a-r c:\windows\System32\IS3HTUI5.dll
    2008-09-29 14:07 61,440 ----a-r c:\windows\System32\IS3Hks5.dll
    2008-09-29 14:07 372,736 ----a-r c:\windows\System32\IS3UI5.dll
    2008-09-29 14:07 23,040 ----a-r c:\windows\System32\IS3XDat5.dll
    2008-09-29 14:06 94,208 ----a-r c:\windows\System32\IS3Inet5.dll
    2008-09-29 14:06 90,112 ----a-r c:\windows\System32\IS3Svc5.dll
    2008-09-29 14:06 212,992 ----a-r c:\windows\System32\IS3Win325.dll
    2008-09-29 14:03 708,608 ----a-r c:\windows\System32\IS3Base5.dll
    2008-09-20 09:54 --------- d-----w c:\users\Neil\AppData\Roaming\LimeWire
    2008-09-15 11:00 --------- d-----w c:\program files\Norton SystemWorks Basic Edition
    2008-07-28 13:00 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-02_13.43.56.02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-05 07:29:15 51,200 ----a-w c:\windows\inf\infpub.dat
    + 2008-11-02 14:42:08 51,200 ----a-w c:\windows\inf\infpub.dat
    - 2008-10-05 07:29:15 86,016 ----a-w c:\windows\inf\infstor.dat
    + 2008-11-02 14:42:08 86,016 ----a-w c:\windows\inf\infstor.dat
    - 2008-10-05 07:29:14 143,360 ----a-w c:\windows\inf\infstrng.dat
    + 2008-11-02 14:42:08 143,360 ----a-w c:\windows\inf\infstrng.dat
    - 2008-11-02 13:36:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-11-09 14:04:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-11-02 13:36:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-11-09 14:04:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-10-14 07:45:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-09 14:05:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-10-14 07:45:29 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-09 14:05:56 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-14 07:45:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-09 14:05:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-02 13:38:45 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-11-09 14:07:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-11-09 14:07:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-11-02 13:23:25 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-09 13:47:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-02 13:23:25 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-09 13:47:30 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-02 13:23:25 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-09 13:47:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-02 13:38:39 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-09 14:07:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-09 14:07:35 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-11-02 12:47:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-09 14:04:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-02 12:47:20 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-09 14:04:36 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-02 12:47:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-09 14:04:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-10-31 21:15:35 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-09 15:00:54 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2004-02-25 22:58:20 54,784 ----a-w c:\windows\System32\Inetwh32.dll
    + 2004-02-25 14:58:20 54,784 ----a-w c:\windows\System32\Inetwh32.dll
    - 2004-02-25 22:58:22 44,544 ----a-w c:\windows\System32\jgaw400.dll
    + 2004-02-25 14:58:22 44,544 ----a-w c:\windows\System32\jgaw400.dll
    - 2004-02-25 22:58:22 167,936 ----a-w c:\windows\System32\jgdw400.dll
    + 2004-02-25 14:58:22 167,936 ----a-w c:\windows\System32\jgdw400.dll
    - 2004-02-25 22:58:22 35,840 ----a-w c:\windows\System32\jgmd400.dll
    + 2004-02-25 14:58:22 35,840 ----a-w c:\windows\System32\jgmd400.dll
    - 2004-02-25 22:58:22 42,496 ----a-w c:\windows\System32\jgpl400.dll
    + 2004-02-25 14:58:22 42,496 ----a-w c:\windows\System32\jgpl400.dll
    - 2004-02-25 22:58:22 45,568 ----a-w c:\windows\System32\jgsd400.dll
    + 2004-02-25 14:58:22 45,568 ----a-w c:\windows\System32\jgsd400.dll
    - 2004-02-25 22:58:22 65,536 ----a-w c:\windows\System32\jgsh400.dll
    + 2004-02-25 14:58:22 65,536 ----a-w c:\windows\System32\jgsh400.dll
    + 2008-10-05 03:16:26 235,936 ----a-r c:\windows\System32\Macromed\Flash\FlashUtil10a.exe
    - 2008-07-28 15:11:44 74,137 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
    + 2008-11-04 16:05:56 89,102 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
    - 2004-02-25 22:58:08 1,060,864 ----a-w c:\windows\System32\MFC71.dll
    + 2004-02-25 14:58:08 1,060,864 ----a-w c:\windows\System32\MFC71.dll
    - 2008-11-02 13:42:23 105,448 ----a-w c:\windows\System32\perfc009.dat
    + 2008-11-09 14:12:25 105,448 ----a-w c:\windows\System32\perfc009.dat
    - 2008-11-02 13:42:23 599,942 ----a-w c:\windows\System32\perfh009.dat
    + 2008-11-09 14:12:25 599,942 ----a-w c:\windows\System32\perfh009.dat
    - 2008-01-08 22:48:07 157,696 ----a-w c:\windows\System32\rmoc3260.dll
    + 2008-11-02 14:00:36 157,696 ----a-w c:\windows\System32\rmoc3260.dll
    - 2004-02-25 22:58:22 1,044,480 ----a-w c:\windows\System32\ROBOEX32.DLL
    + 2004-02-25 14:58:22 1,044,480 ----a-w c:\windows\System32\ROBOEX32.DLL
    - 2008-09-11 08:11:50 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-11-03 19:49:58 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-11-02 13:38:00 9,392 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2677735922-3993952856-252320735-1000_UserData.bin
    + 2008-11-09 14:07:36 9,850 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2677735922-3993952856-252320735-1000_UserData.bin
    - 2008-11-02 13:38:00 60,800 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-09 14:07:36 62,196 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-11-02 13:37:56 53,844 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-11-09 14:07:27 54,444 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r "=" " [?]
    "????????? "= "??????????????e" [?]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
    "Acer Empowering Technology Monitor "= "c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
    "WarReg_PopUp "= "c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2008-01-09 26112]
    "Windows Mobile Device Center "= "c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Windows Mobile-based device management "= "c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "PAC7302_Monitor "= "c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ALUAlert "= "c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2008-02-10 152952]
    "RtHDVCpl "= "RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc "= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{98F4B9F5-72D9-47F4-AC15-4DE966EEBABC} "= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{CD2A1510-B12D-4C40-BDDF-BD212CAB9CE4} "= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{BDD085AE-CF43-46C6-9E70-7E073AD29CB2} "= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{8BE9C3F8-448E-435A-AF2F-F7EE3BB9D89D} "= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{A8C56F1C-1585-4705-A7AF-28D9640CE5A0} "= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{F1959374-D58A-41D8-BA2D-8B62724A998E} "= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{03E1AEB6-D2D0-42FD-9A67-6C8842F1156D} "= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{3214A61F-9D8F-4921-B7EA-02CB77F82A74} "= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{0B2F8EFC-4D57-4D0F-B04E-444A8FA09552} "= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{B5037C20-803B-4352-97DB-51C297900829} "= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{2299D46D-53FD-4ED3-99F1-63ECC5FC3EFE} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B6A6FAFB-1A2F-499D-B618-E39EE36A246E} "= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
    "{141D9667-7C17-4B09-A580-288884A9F907} "= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
    "{EECD2F3D-DA86-4B25-8A4E-8E07CDB63D9F} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{C284111C-70A8-40ED-AE2D-9246A40AAB3F} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{98727959-C330-4729-B105-C7313046736B} "= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{C6687560-78CA-4B64-8A0C-F4BCD8B1B715} "= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{01EACA0D-BA78-4191-86A0-39BD2E2CFF28} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{18D85652-D81A-4E90-BE88-76F7710AF2E7} "= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{B0152A8D-0120-4A1B-B160-AC4BFC1D2D19} "= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{245D4BA0-C72A-434E-9EAC-58ED377C0C54} "= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{F0952E82-C6E5-4B25-AF03-AAD3BAED0DA2} "= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{2F61DEC2-DD05-49EA-B5A6-0D7E36EC638A} "= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{58D50C57-02F8-43EC-B790-28A542F5F6B9} "= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{CA6CF0E4-A9B8-483D-814E-63B84191C045} "= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
    "{CD7FECA0-A6BA-4141-A0C1-70E2A3F81F27} "= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
    "{F939AA0D-387B-470E-9225-7249A5ED12BC} "= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
    "{6A99E458-D621-41F3-AD00-1D9B1D5202D1} "= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
    "{959A31B9-9A86-455E-816F-A5BD1549BF6E} "= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
    "{1412A9A8-E982-479A-993D-47ACC23E4DC7} "= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
    "{3BABD72B-AADE-48FA-95B2-D38D63B2E0D5} "= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{09DE629E-BBEF-40F9-9F99-0B8F2B96F3C3} "= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{623F5FD6-5729-40EE-93A6-47F7CE8B51B2} "= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{46F794D9-6789-47C5-BF34-583C87F9CF54} "= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe "= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe "= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe "= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 14344]
    R0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys [2008-10-08 49664]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081108.003\IDSvix86.sys [2008-09-12 270384]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]
    S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50091e1b-be72-11dc-beaa-806e6f6e6963}]
    \shell\AutoRun\command - E:\Setup.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-01-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

    2008-09-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Neil.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

    2008-09-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 10:18]

    2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{E51A6C0F-0945-4417-8606-748F398C3DA5}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R0 -: HKCU-Main,Start Page = about:blank
    R0 -: HKLM-Main,Start Page = hxxp://en.uk.acer.yahoo.com
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-09 15:03:09
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-09 15:04:15
    ComboFix-quarantined-files.txt 2008-11-09 15:04:07
    ComboFix2.txt 2008-11-02 13:45:13

    Pre-Run: 47,697,637,376 bytes free
    Post-Run: 47,684,210,688 bytes free

     
  6. 2008/11/09
    Poondash

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:10:10, on 09/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

    --
    End of file - 8874 bytes
     
  7. 2008/11/09
    Poondash

  8. 2008/11/10
    noahdfear

    I cannot see the full results of the Stopzilla scan. Please post the keys found and the reported detection, or a scan log.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    DeQuarantine::
    C:\Qoobox\Quarantine\C\windows\system32\SZComp5.dll
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "????r "=-
     "????????? "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  9. 2008/11/24
    Poondash

    Sorry about the long wait for a reply; I'm in the middle of selling and moving.

    =================== ==================
    ==============

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:05:59, on 24/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

    --
    End of file - 8908 bytes
    =========================================================
     
  10. 2008/11/24
    Poondash

    ComboFix 08-11-23.02 - Neil 2008-11-24 21:50:22.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.325 [GMT 0:00]
    Running from: c:\users\Neil\Desktop\ComboFix.exe
    Command switches used :: c:\users\Neil\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
    .

    2008-11-13 20:32 . 2008-11-13 20:32 0 --a------ C:\hosts
    2008-11-09 14:00 . 2008-11-12 16:43 <DIR> d-------- c:\users\All Users\SITEguard
    2008-11-09 14:00 . 2008-11-12 16:43 <DIR> d-------- c:\programdata\SITEguard
    2008-11-09 13:58 . 2008-11-24 21:45 <DIR> d-------- c:\users\All Users\STOPzilla!
    2008-11-09 13:58 . 2008-11-24 21:45 <DIR> d-------- c:\programdata\STOPzilla!
    2008-11-09 13:58 . 2008-11-09 13:58 <DIR> d-------- c:\program files\STOPzilla!
    2008-11-09 13:58 . 2008-11-09 13:58 <DIR> d-------- c:\program files\Common Files\iS3
    2008-11-09 12:07 . 2008-11-09 13:29 <DIR> d-------- c:\program files\Trillian
    2008-11-02 14:26 . 2008-11-02 14:26 <DIR> d--h----- c:\users\Neil\InstallAnywhere
    2008-11-02 14:21 . 2008-11-02 14:21 <DIR> d-------- c:\users\Neil\AppData\Roaming\InstallShield
    2008-11-02 14:07 . 2008-11-02 14:07 154,605,753 --a------ c:\windows\MEMORY.DMP
    2008-10-31 23:01 . 2008-11-24 21:28 <DIR> d-------- c:\windows\System32\catroot2
    2008-10-31 20:40 . 2008-10-31 20:40 <DIR> d-------- c:\users\Neil\AppData\Roaming\Malwarebytes
    2008-10-31 20:39 . 2008-10-31 20:39 <DIR> d-------- c:\users\All Users\Malwarebytes
    2008-10-31 20:39 . 2008-10-31 20:39 <DIR> d-------- c:\programdata\Malwarebytes
    2008-10-31 20:27 . 2008-10-31 20:27 <DIR> d-------- c:\program files\Trend Micro
    2008-10-31 20:08 . 2008-11-02 14:37 <DIR> d-------- c:\users\Neil\AppData\Roaming\SUPERAntiSpyware.com
    2008-10-31 20:08 . 2008-10-31 20:08 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2008-10-31 20:08 . 2008-10-31 20:08 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-20 21:48 --------- d-----w c:\program files\Norton SystemWorks Basic Edition
    2008-11-20 21:48 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-09 11:46 --------- d-----w c:\programdata\WLInstaller
    2008-11-03 19:08 1,792 ----a-w c:\users\Neil\AppData\Roaming\wklnhst.dat
    2008-11-02 14:35 --------- d-----w c:\program files\Windows Live
    2008-11-02 14:30 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-11-02 14:30 --------- d-----w c:\program files\Common Files\AOL
    2008-11-02 14:21 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-02 14:21 --------- d-----w c:\users\Neil\AppData\Roaming\FUJIFILM
    2008-11-02 14:18 --------- d-----w c:\programdata\AOL
    2008-11-02 14:17 --------- d-----w c:\users\Neil\AppData\Roaming\AOL
    2008-11-02 13:34 --------- d-----w c:\program files\Microsoft Works
    2008-10-23 11:01 17,408 ----a-r c:\windows\System32\SZIO5.dll
    2008-10-23 11:00 278,528 ----a-r c:\windows\System32\SZBase5.dll
    2008-10-08 14:27 49,664 ----a-r c:\windows\system32\drivers\SZKG.sys
    2008-09-29 14:08 364,544 ----a-r c:\windows\System32\IS3DBA5.dll
    2008-09-29 14:08 126,976 ----a-r c:\windows\System32\IS3HTUI5.dll
    2008-09-29 14:07 61,440 ----a-r c:\windows\System32\IS3Hks5.dll
    2008-09-29 14:07 372,736 ----a-r c:\windows\System32\IS3UI5.dll
    2008-09-29 14:07 23,040 ----a-r c:\windows\System32\IS3XDat5.dll
    2008-09-29 14:06 94,208 ----a-r c:\windows\System32\IS3Inet5.dll
    2008-09-29 14:06 90,112 ----a-r c:\windows\System32\IS3Svc5.dll
    2008-09-29 14:06 212,992 ----a-r c:\windows\System32\IS3Win325.dll
    2008-09-29 14:03 708,608 ----a-r c:\windows\System32\IS3Base5.dll
    2008-07-28 13:00 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-09_15.03.44.91 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-09 14:04:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-11-24 21:26:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-11-09 14:04:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-11-24 21:26:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-11-09 14:05:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-24 20:01:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-09 14:05:56 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-24 20:01:57 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-09 14:05:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-24 20:01:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-09 14:07:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-11-24 21:53:21 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-11-09 13:47:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-24 21:37:07 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-09 13:47:30 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-24 21:37:07 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-09 13:47:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-24 21:37:07 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-09 14:07:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-24 21:53:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-11-24 21:53:36 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-11-09 14:04:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-24 21:44:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-09 14:04:36 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-24 21:44:20 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-09 14:04:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-24 21:44:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-09 15:00:54 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-24 21:49:54 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2008-11-09 14:12:25 105,448 ----a-w c:\windows\System32\perfc009.dat
    + 2008-11-24 21:31:50 105,448 ----a-w c:\windows\System32\perfc009.dat
    - 2008-11-09 14:12:25 599,942 ----a-w c:\windows\System32\perfh009.dat
    + 2008-11-24 21:31:50 599,942 ----a-w c:\windows\System32\perfh009.dat
    - 2008-11-09 14:07:36 9,850 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2677735922-3993952856-252320735-1000_UserData.bin
    + 2008-11-24 21:28:57 10,174 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2677735922-3993952856-252320735-1000_UserData.bin
    - 2008-11-09 14:07:36 62,196 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-24 21:28:56 62,604 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-20 23:09:26 2,662 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-11-09 14:07:27 54,444 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-11-24 20:03:27 55,252 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-10-26 19:16:06 69,388 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-11-12 16:42:00 93,716 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r "=" " [?]
    "????????? "= "??????????????e" [?]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
    "Acer Empowering Technology Monitor "= "c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
    "WarReg_PopUp "= "c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2008-01-09 26112]
    "Windows Mobile Device Center "= "c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Windows Mobile-based device management "= "c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "PAC7302_Monitor "= "c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ALUAlert "= "c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2008-02-10 152952]
    "RtHDVCpl "= "RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc "= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{98F4B9F5-72D9-47F4-AC15-4DE966EEBABC} "= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{CD2A1510-B12D-4C40-BDDF-BD212CAB9CE4} "= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{BDD085AE-CF43-46C6-9E70-7E073AD29CB2} "= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{8BE9C3F8-448E-435A-AF2F-F7EE3BB9D89D} "= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{A8C56F1C-1585-4705-A7AF-28D9640CE5A0} "= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{F1959374-D58A-41D8-BA2D-8B62724A998E} "= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{03E1AEB6-D2D0-42FD-9A67-6C8842F1156D} "= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{3214A61F-9D8F-4921-B7EA-02CB77F82A74} "= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{0B2F8EFC-4D57-4D0F-B04E-444A8FA09552} "= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{B5037C20-803B-4352-97DB-51C297900829} "= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{2299D46D-53FD-4ED3-99F1-63ECC5FC3EFE} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B6A6FAFB-1A2F-499D-B618-E39EE36A246E} "= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
    "{141D9667-7C17-4B09-A580-288884A9F907} "= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
    "{EECD2F3D-DA86-4B25-8A4E-8E07CDB63D9F} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{C284111C-70A8-40ED-AE2D-9246A40AAB3F} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{98727959-C330-4729-B105-C7313046736B} "= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{C6687560-78CA-4B64-8A0C-F4BCD8B1B715} "= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{01EACA0D-BA78-4191-86A0-39BD2E2CFF28} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{18D85652-D81A-4E90-BE88-76F7710AF2E7} "= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{B0152A8D-0120-4A1B-B160-AC4BFC1D2D19} "= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{245D4BA0-C72A-434E-9EAC-58ED377C0C54} "= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{F0952E82-C6E5-4B25-AF03-AAD3BAED0DA2} "= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{2F61DEC2-DD05-49EA-B5A6-0D7E36EC638A} "= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{58D50C57-02F8-43EC-B790-28A542F5F6B9} "= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{CA6CF0E4-A9B8-483D-814E-63B84191C045} "= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
    "{CD7FECA0-A6BA-4141-A0C1-70E2A3F81F27} "= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
    "{F939AA0D-387B-470E-9225-7249A5ED12BC} "= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
    "{6A99E458-D621-41F3-AD00-1D9B1D5202D1} "= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
    "{959A31B9-9A86-455E-816F-A5BD1549BF6E} "= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
    "{1412A9A8-E982-479A-993D-47ACC23E4DC7} "= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
    "{3BABD72B-AADE-48FA-95B2-D38D63B2E0D5} "= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{09DE629E-BBEF-40F9-9F99-0B8F2B96F3C3} "= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{623F5FD6-5729-40EE-93A6-47F7CE8B51B2} "= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{46F794D9-6789-47C5-BF34-583C87F9CF54} "= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe "= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe "= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe "= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2006-12-12 14344]
    R0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [2008-10-08 49664]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081120.001\IDSvix86.sys [2008-11-21 270384]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-01-26 149352]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50091e1b-be72-11dc-beaa-806e6f6e6963}]
    \shell\AutoRun\command - E:\Setup.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-01-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

    2008-09-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Neil.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

    2008-09-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 10:18]

    2008-11-24 c:\windows\Tasks\User_Feed_Synchronization-{E51A6C0F-0945-4417-8606-748F398C3DA5}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-24 21:53:34
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-24 21:55:04
    ComboFix-quarantined-files.txt 2008-11-24 21:54:59
    ComboFix2.txt 2008-11-13 21:00:26
    ComboFix3.txt 2008-11-09 15:04:16
    ComboFix4.txt 2008-11-02 13:45:13

    Pre-Run: 46,953,689,088 bytes free
    Post-Run: 46,951,858,176 bytes free

    230
     
  11. 2008/11/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "????r "=-
     "????????? "=-
    
    Right click fix.reg and select Run As Administrator, then allow it to merge with the registry. Delete fix.reg.


    Please give me an update on the computer's behavior, and if you are still getting detections from Stopzilla, please post the details of those here.
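As an added example (not code from this thread, from ComboFix or from the helper), here is the same idea generalised to a script: parse the Run/RunOnce keys out of a REGEDIT4-style listing such as the "Reg Loading Points" section above, flag value names a log cannot render or commands that point at no executable, and emit the `"name"=-` deletion fragment that fix.reg relies on. The sample export and its value names are constructed stand-ins for the ones the log shows as `????r`.

```python
import re

# Constructed sample modelled on the "Reg Loading Points" section of the log
# above; the value names are hypothetical stand-ins for those shown as "????r".
SAMPLE_EXPORT = "\n".join([
    "REGEDIT4",
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    '"\u0437\u0430r"="  "',  # unreadable name, blank command
    '"\u043f\u0440\u043e"="\u0441\u0442\u0430e"',  # unreadable name and data
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"',
])

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*"(.*)"$')  # "name"="data"

def parse_run_values(export):
    """Return {key_path: {value_name: data}} for every Run / RunOnce key."""
    result, current = {}, None
    for raw in export.splitlines():
        line = raw.strip()
        key, value = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            path = key.group(1)
            current = path if path.lower().endswith(("\\run", "\\runonce")) else None
            if current:
                result[current] = {}
        elif value and current:
            result[current][value.group(1)] = value.group(2)
    return result

def is_suspicious(name, data):
    """Thread heuristic: an unreadable name (non-printable or non-ASCII, or the
    '?' placeholders a log prints for them), or a command naming no executable."""
    unreadable = "?" in name or any(not 32 <= ord(c) <= 126 for c in name)
    no_target = re.search(r"\.(exe|dll|cmd|bat|scr)\b", data, re.IGNORECASE) is None
    return unreadable or no_target

def build_fix_reg(export):
    """Emit a REGEDIT4 fragment that deletes each flagged value with "name"=-,
    the same form as the fix.reg in the reply above."""
    out = ["REGEDIT4", ""]
    for key, values in parse_run_values(export).items():
        hits = [n for n, d in values.items() if is_suspicious(n, d)]
        if hits:
            out.append(f"[{key}]")
            out.extend(f'"{n}"=-' for n in hits)
            out.append("")
    return "\n".join(out)
```

Review the flagged names against the full log before merging anything; the heuristic only narrows the list, it does not replace the helper's judgement.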
     
