montuiiri

hi

i have scanned my computer with spybot S&D and it has picked up the following malware and viruses:

virtumonde.sci
smitfraud-C.
win32.BHO.sx

please help me
how do i get rid of them because spybot didnt.

many thanks

Respital

Hello and Welcome to the Computer Forum, please do the following;


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file from one of the three below listed places :
  
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  http://www.forospyware.com/sUBs/ComboFix.exe
  http://subs.geekstogo.com/ComboFix.exe
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here , Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.




Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Double click on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
• Click Save to save the log file and then the log will open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

In your next reply i will need:

• The ComboFix log
• Malwarebytes' log
• A HiJackThis log
• An update on how your computer is running

__________________
Winner of Photo Tourney: Twilight
/My Rig:/
/Case :/ Antec Sonata III
/Power Supply :/ Antec Earthquake 500W
/Motherboard :/ Gigabyte P35-DSR3
/Processor :/ Intel E6850@3.4Ghz
/Ram :/ Consair 2x 1 Gb 800mhz
/Video Card :/ Zotac 8800 GT
/Monitor:/Samsung T220 w 20 000 : 1 Contrast and 2ms response time
/3DMark06 Score :/ 11730

montuiiri

thanks for your reply and i apologise for the slow reply to you. i have been busy at work and away. anyway find below the 3 logs which you requested.



ComboFix 09-06-29.07 - Montuiiri 30/06/2009 22:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3066.1790 [GMT 1:00]
Running from: c:\users\Montuiiri\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Montuiiri\AppData\Local\Microsoft\Windows \Temporary Internet Files\mcc5891.tmp
c:\users\Montuiiri\AppData\Local\Microsoft\Windows \Temporary Internet Files\mcc59E5.tmp
c:\users\Montuiiri\AppData\Local\Microsoft\Windows \Temporary Internet Files\mccCF04.tmp
c:\users\Montuiiri\AppData\Roaming\.#
c:\users\Montuiiri\AppData\Roaming\.#\MBX@121C@242 990.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@121C@242 9C0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@121C@242 9F0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@3FC@1B29 90.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@3FC@1B29 C0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@3FC@1B29 F0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@8AC@6729 90.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@8AC@6729 C0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@8AC@6729 F0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@C34@1DF2 990.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@C34@1DF2 9C0.###
c:\users\Montuiiri\AppData\Roaming\.#\MBX@C34@1DF2 9F0.###

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 21:08 . 2009-06-30 21:09 -------- d-----w- C:\32788R22FWJFW
2009-06-30 15:35 . 2009-05-13 07:32 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\NAVEX15.SYS
2009-06-30 15:35 . 2009-05-13 07:32 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\NAVEX32A.DLL
2009-06-30 15:35 . 2009-05-13 07:32 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\NAVENG.SYS
2009-06-30 15:35 . 2009-05-13 07:32 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\EECTRL.SYS
2009-06-30 15:35 . 2009-05-13 07:32 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\ECMSVR32.DLL
2009-06-30 15:35 . 2009-05-13 07:32 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\CCERASER.DLL
2009-06-30 15:35 . 2009-05-13 07:32 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\NAVENG32.DLL
2009-06-30 15:35 . 2009-05-13 07:32 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0630.002\ERASER.SYS
2009-06-30 12:44 . 2009-06-30 12:44 -------- d-----w- C:\VundoFix Backups
2009-06-30 12:09 . 2009-06-30 21:05 -------- d-----w- c:\program files\Enigma Software Group
2009-06-30 10:54 . 2009-05-13 07:32 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\NAVENG.SYS
2009-06-30 10:54 . 2009-05-13 07:32 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\NAVEX15.SYS
2009-06-30 10:54 . 2009-05-13 07:32 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\NAVENG32.DLL
2009-06-30 10:54 . 2009-05-13 07:32 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\NAVEX32A.DLL
2009-06-30 10:54 . 2009-05-13 07:32 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\EECTRL.SYS
2009-06-30 10:54 . 2009-05-13 07:32 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\ECMSVR32.DLL
2009-06-30 10:54 . 2009-05-13 07:32 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\CCERASER.DLL
2009-06-30 10:54 . 2009-05-13 07:32 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\2009 0629.049\ERASER.SYS
2009-06-24 10:46 . 2009-06-23 12:49 325640 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-06-24 10:46 . 2009-06-23 12:49 108552 ----a-w- c:\programdata\avg8\update\backup\avgtdix.sys
2009-06-24 10:46 . 2009-06-23 12:48 23832 ----a-w- c:\programdata\avg8\update\backup\avgfwd6x.sys
2009-06-24 10:45 . 2009-06-23 12:48 29464 ----a-w- c:\programdata\avg8\update\backup\avgfwd6a.sys
2009-06-24 10:45 . 2009-06-23 12:49 12552 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-06-24 10:45 . 2009-06-23 12:49 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-06-24 10:45 . 2009-06-23 12:49 27656 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-06-24 10:45 . 2009-06-23 12:49 485144 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 10:39 . 2009-06-23 12:49 1057048 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-06-24 10:39 . 2009-06-23 12:49 1423640 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-24 10:39 . 2009-06-23 12:49 582936 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-06-24 10:39 . 2009-06-23 12:49 746264 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-23 14:28 . 2009-06-30 13:50 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-23 12:50 . 2009-06-23 12:50 -------- d-----w- c:\programdata\Downloaded Installations
2009-06-23 12:49 . 2009-06-24 10:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 12:49 . 2009-06-24 10:43 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-23 12:49 . 2009-06-24 10:44 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 12:49 . 2009-06-30 10:40 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-23 12:49 . 2009-06-24 10:44 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 12:49 . 2009-06-24 10:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-23 12:48 . 2009-06-24 10:43 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-06-23 12:48 . 2009-06-23 12:48 -------- d-----w- c:\program files\AVG
2009-06-23 12:48 . 2009-06-23 12:48 -------- d-----w- c:\programdata\avg8
2009-06-20 21:16 . 2009-06-30 21:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-20 21:16 . 2009-06-30 21:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 21:30 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\Scxpx86.dll
2009-06-19 21:30 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\IDSvix86.sys
2009-06-19 21:30 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\SymIDSco.sys
2009-06-19 21:30 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\IDSxpx86.dll
2009-06-19 21:30 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\SymIDSI.dll
2009-06-19 21:30 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\IDSviA64.sys
2009-06-19 21:30 . 2008-12-05 00:11 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090618.001\IDS9xx86.dll
2009-06-14 19:21 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 19:21 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 17:23 . 2009-06-13 09:04 1330 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\cur.scr
2009-06-14 17:23 . 2009-05-13 07:32 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\NAVENG.SYS
2009-06-14 17:23 . 2009-05-13 07:32 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\NAVEX15.SYS
2009-06-14 17:23 . 2009-05-13 07:32 750 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\hub.scr
2009-06-14 17:23 . 2009-05-13 07:32 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\NAVENG32.DLL
2009-06-14 17:23 . 2009-05-13 07:32 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\NAVEX32A.DLL
2009-06-14 17:23 . 2009-05-13 07:32 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\EECTRL.SYS
2009-06-14 17:23 . 2009-05-13 07:32 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\ECMSVR32.DLL
2009-06-14 17:23 . 2009-05-13 07:32 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\CCERASER.DLL
2009-06-14 17:23 . 2009-05-13 07:32 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp5 719.tmp\ERASER.SYS
2009-06-14 17:09 . 2009-06-14 17:09 -------- d-----w- c:\users\Montuiiri\AppData\Local\Symantec
2009-06-13 17:32 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\Scxpx86.dll
2009-06-13 17:32 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\IDSvix86.sys
2009-06-13 17:32 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\SymIDSco.sys
2009-06-13 17:32 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\IDSxpx86.dll
2009-06-13 17:32 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\SymIDSI.dll
2009-06-13 17:32 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\IDSviA64.sys
2009-06-13 17:32 . 2008-12-05 00:11 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsde fs\20090610.001\IDS9xx86.dll
2009-06-12 09:39 . 2009-06-12 09:39 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB7FA.tmp.exe
2009-06-08 19:22 . 2009-06-08 19:22 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-08 19:20 . 2009-06-08 19:21 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\Motive
2009-06-08 19:19 . 2009-06-13 17:22 -------- d-----w- c:\programdata\Motive
2009-06-08 19:19 . 2009-06-08 19:19 -------- d-----w- c:\program files\Common Files\Motive
2009-06-08 19:18 . 2009-06-08 19:19 -------- d-----w- c:\program files\BT Broadband Desktop Help
2009-06-08 19:17 . 2009-06-08 19:17 -------- d-----w- c:\program files\Citrix
2009-06-08 19:17 . 2009-02-02 09:38 218496 ------w- c:\windows\system32\BTEmailConfig.dll
2009-06-08 19:17 . 2009-06-08 19:17 -------- d-----w- c:\windows\BTV.0000
2009-06-08 19:16 . 2009-06-08 19:16 -------- d-----w- c:\program files\BTHomeHub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-30 21:35 . 2009-04-10 19:51 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\Skype
2009-06-30 20:33 . 2009-04-10 19:53 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\skypePM
2009-06-27 21:27 . 2009-04-25 13:03 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\Spotify
2009-06-24 11:20 . 2008-08-30 18:04 -------- d-----w- c:\program files\Common Files\SPBA
2009-06-24 11:20 . 2009-04-10 19:51 -------- d-----w- c:\program files\Common Files\Skype
2009-06-24 11:20 . 2008-07-22 19:54 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-24 11:20 . 2009-01-09 18:59 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-06-24 11:20 . 2009-03-26 14:13 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\vlc
2009-06-24 11:20 . 2009-04-10 19:51 -------- d-----r- c:\program files\Skype
2009-06-24 11:20 . 2008-07-22 19:57 -------- d-----w- c:\programdata\Microsoft Help
2009-06-24 11:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-24 11:20 . 2008-07-22 19:59 -------- d-----w- c:\program files\Microsoft Works
2009-06-24 11:20 . 2008-08-30 17:52 -------- d-----w- c:\program files\Launch Manager
2009-06-24 10:51 . 2008-12-29 16:32 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\LimeWire
2009-06-08 19:17 . 2008-07-22 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 19:17 . 2009-05-28 16:04 -------- d-----w- c:\program files\Yahoo!
2009-05-31 16:47 . 2008-12-17 13:52 28219 ----a-w- c:\programdata\nvModes.dat
2009-05-31 16:45 . 2009-05-31 16:34 -------- d-----w- c:\program files\Empire of Sports
2009-05-31 16:45 . 2009-05-31 16:45 -------- d-----w- c:\programdata\F4
2009-05-31 16:35 . 2009-05-31 16:34 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\F4
2009-05-28 16:06 . 2009-05-28 16:04 -------- d-----w- c:\programdata\Yahoo!
2009-05-28 16:05 . 2009-05-28 16:05 -------- d-----w- c:\users\Montuiiri\AppData\Roaming\Yahoo!
2009-05-06 13:51 . 2009-05-06 13:51 478904 ----a-w- c:\programdata\F4\EoS-Launcher.exe
2009-05-05 23:00 . 2009-05-05 23:00 -------- d-----w- c:\program files\QuickTime
2009-04-30 18:45 . 2009-02-17 12:46 599560 ----a-w- c:\users\Montuiiri\AppData\Roaming\HiYo\Data\hiyo_ install.exe
2009-04-24 16:05 . 2009-06-10 21:36 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 21:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 21:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-10 21:36 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 21:36 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 21:36 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-10 19:53 . 2009-04-10 19:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-04-07 20:43 . 2009-04-07 20:43 10134 ----a-r- c:\users\Montuiiri\AppData\Roaming\Microsoft\Insta ller\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2009-04-06 16:17 . 2009-04-06 16:17 21200 ----a-w- c:\programdata\F4\IHelper.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:08 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-12-16 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-08-30 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 24064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2008-12-23 300336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-22 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-03-25 1548288]
"btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2009-03-25 1516032]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDS UI.exe" [2009-02-26 1579528]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

c:\users\Montuiiri\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-4-7 327680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-8-30 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKe y MC3000]
2008-08-30 18:05 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-08 19:17 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 22:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleD esktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{DA5051CF-D474-4874-91E0-6AF89A6E709C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{82A2761F-EB86-4B94-8A08-F3620CEAB911}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{6CE13BAB-0044-4A1B-A172-D527C162E66C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{D9BB5EAB-F091-4604-804C-09D150909543}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FCF6B34D-BD65-4894-900B-CA0F9A45F03E}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{1647C1E8-FD91-4405-A242-0138592E6142}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FCFF7ECA-8F10-4FDD-9143-39FF5D8D2784}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2F980CC-DFA7-4E83-9E28-BC854634A779}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DB223F1-96CE-47FD-9D4A-A94069BD8A99}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{67640456-6807-40C0-9CDF-B706A5A46E83}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{D6B8AE2D-7151-4F3B-BEDB-A3A5EA7C5C43}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{C8249A38-E143-4CEE-854A-848E3BA7B6C2}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{15C2A34E-CA8A-40B5-BD2E-8069881E91BD}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{18E5498E-EA6B-4B32-8E84-FF629D5C2EEB}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{DFDD48F6-58D3-4FD9-A961-DFFB043995B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{490AFEB6-477E-4925-90EF-C80782CF38E8}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DA7E46E6-EEBB-47CA-A40E-576EA71A7B21}c:\\program files\\globalstar software\\school tycoon\\schooltycoon.exe"= UDP:c:\program files\globalstar software\school tycoon\schooltycoon.exe:SchoolTycoon
"UDP Query User{02ED77FA-EBFF-4FD7-BA19-8909944EC63B}c:\\program files\\globalstar software\\school tycoon\\schooltycoon.exe"= TCP:c:\program files\globalstar software\school tycoon\schooltycoon.exe:SchoolTycoon
"TCP Query User{E2417BB8-7D9C-4BE5-9634-372EE8F97520}c:\\program files\\global star software\\airport tycoon 3\\at3.exe"= UDP:c:\program files\global star software\airport tycoon 3\at3.exe:at3
"UDP Query User{127E95C6-4E64-4781-9486-D951421AEC41}c:\\program files\\global star software\\airport tycoon 3\\at3.exe"= TCP:c:\program files\global star software\airport tycoon 3\at3.exe:at3
"TCP Query User{F63E2039-E583-4C1E-8B6A-B70AAFB14039}c:\\program files\\blackstar interactive\\oil tycoon\\ot.exe"= UDP:c:\program files\blackstar interactive\oil tycoon\ot.exe:Oil Tycoon
"UDP Query User{CE94E69C-7D0F-4876-968D-131F9BB72D6B}c:\\program files\\blackstar interactive\\oil tycoon\\ot.exe"= TCP:c:\program files\blackstar interactive\oil tycoon\ot.exe:Oil Tycoon
"TCP Query User{F68C0243-C985-48FA-A784-BF27A885E01E}c:\\program files\\global star software\\luxury liner tycoon\\cruise.exe"= UDP:c:\program files\global star software\luxury liner tycoon\cruise.exe:Main Executable
"UDP Query User{E6DC9796-4DB5-482E-AAC4-E2115E0EF1F8}c:\\program files\\global star software\\luxury liner tycoon\\cruise.exe"= TCP:c:\program files\global star software\luxury liner tycoon\cruise.exe:Main Executable
"{307E9EE1-AB52-4F20-B600-5D313E2FA5CF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D350DD38-115E-4962-BD87-02B617655E0D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{894316AB-A86E-492E-A790-2FB21215A0E7}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{A7C8C9C0-132B-4354-82B5-2DEA15AC10A1}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{0917EF50-7B77-4273-949A-B6912A68FB57}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D2A2CF95-B328-412E-A0BF-A086C47BD0C0}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5D153E2E-0B07-4856-83F6-E69080B30040}"= UDP:c:\program files\Empire of Sports\NetworkDiagnostic.exe:Empire of Sports Network Diagnostic
"{68A419CB-A03B-4B74-A913-B104FB5B1A7E}"= TCP:c:\program files\Empire of Sports\NetworkDiagnostic.exe:Empire of Sports Network Diagnostic
"{C4B29068-F65C-42F8-B4A7-B082A2F93968}"= UDP:c:\program files\Empire of Sports\EmpireOfSports.exe:Empire of Sports
"{26907A57-9A63-4F33-82DD-91F15DB5319E}"= TCP:c:\program files\Empire of Sports\EmpireOfSports.exe:Empire of Sports
"{D4BCE3F1-5D51-4212-A118-75197CAFFE1C}"= UDP:c:\users\Montuiiri\AppData\Local\F4\ClientUpda ter\ClientUpdater.exe:F4 Game Client Updater
"{EFD0EF4F-8B13-48AA-8652-F520C3B348DE}"= TCP:c:\users\Montuiiri\AppData\Local\F4\ClientUpda ter\ClientUpdater.exe:F4 Game Client Updater
"{ECC24E47-DA98-49B0-855E-0E740CD50FCB}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{C4E4EEE2-808A-4D23-911A-EF6DA36A22E3}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{3415DC57-A401-4AE6-B432-33D505908C1A}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{3BA814FC-FDB2-4956-AD4C-8BAADD37F088}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{DAF41E47-0EB2-4B9B-94DA-390013AA9C3A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{69B1133C-99E0-454F-8083-23F2C0D60CA2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{EF8034F9-B5C9-4B0C-8F2A-D5009829C2EB}"= UDP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:BT Broadband Desktop Help
"{87C8807C-F1EA-481E-AFC5-55B6984442F6}"= TCP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:BT Broadband Desktop Help
"{18AE1656-7773-4A8C-941F-03A99893C261}"= UDP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:BT Broadband Desktop Help Notifier
"{AB0CA344-1AF5-4436-822F-AEAF9E2BD835}"= TCP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:BT Broadband Desktop Help Notifier

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled: eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enab led:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enab led:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled: eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabl ed:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled: eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enab led:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enab led:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled: eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabl ed:eDStbmngr

montuiiri

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/08/2008 19:04 42608]
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\drivers\ AVGIDSErHr.sys [26/02/2009 12:46 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\ avgrkx86.sys [23/06/2009 13:49 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [23/06/2009 13:48 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/06/2009 13:49 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/06/2009 13:49 108552]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsd efs\20090618.001\IDSvix86.sys [19/06/2009 22:30 272432]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [30/08/2008 19:11 61424]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/06/2009 11:43 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/06/2009 11:43 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/06/2009 11:43 1368952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS Agent.exe [26/02/2009 12:46 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS Watcher.exe [26/02/2009 12:46 563720]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 21:11 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/08/2008 19:13 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [22/07/2008 20:24 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/08/2008 19:04 3602432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 20:37 149352]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [26/04/2008 05:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/08/2008 19:13 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [26/04/2008 05:36 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/08/2008 19:27 233472]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\pla tform_VISTA\AVGIDSDriver.sys [26/02/2009 12:46 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\pla tform_VISTA\AVGIDSFilter.sys [26/02/2009 12:46 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\pla tform_VISTA\AVGIDSShim.sys [26/02/2009 12:46 29136]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mo n.sys [13/01/2008 03:32 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2009 21:32 101936]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sy s [22/07/2008 20:26 47104]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [22/07/2008 20:26 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 06:05 44064]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symn disv.sys [19/02/2009 12:31 41008]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir .sys [28/03/2007 15:51 43008]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssflt r.sys [13/04/2009 21:00 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/12/2008 16:44 24064]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [17/12/2008 16:29 81704]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; eSobiSubscriber 2.0.4.16)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 22:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{ 49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3174598469-3112961280-3084858069-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,eb,47,f8,ca,33,63,fc,fa,1a,65,a8 ,9e,95,5f,29,16,f2,61,06,cb,
b8,63,78,98,f7,6d,d5,ff,5d,5f,ea,87,40,4b,fe,b0,a4 ,24,79,2c,d2,fd,e0,99,cf,\
"rkeysecu"=hex:1c,6b,f6,5e,c0,ba,a1,db,0b,d1,ac,02 ,fd,06,2c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\MONTUI~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS Monitor.exe
c:\program files\Acer\Acer VCM\acp2HID.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
************************************************** ************************
.
Completion time: 2009-06-30 22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 21:41

Pre-Run: 68,291,706,880 bytes free
Post-Run: 67,263,795,200 bytes free

397 --- E O F --- 2009-06-15 20:30

montuiiri

Malwarebytes' Anti-Malware 1.38
Database version: 2358
Windows 6.0.6001 Service Pack 1

02/07/2009 05:34:44
mbam-log-2009-07-02 (05-34-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221434
Time elapsed: 2 hour(s), 46 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

montuiiri

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:09, on 08/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MONTUI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS UI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDS UI.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://www.shockwave.com/content/fas...b.1.0.0.21.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://www.shockwave.com/content/wed...b.1.0.0.13.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/bur...sPlayer_v5.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/wed...h.1.0.0.47.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3. dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS Agent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDS Watcher.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16735 bytes

montuiiri

i hope this makes sence to you as i had to paste it in different boxes. any help is much appreciated.

thanks in advance

montuiiri

hi

please will respital get back in touch as i still need his help with the virus problems i am having.

thanks