HELP! Computer is infected with rootkit!

Hello.

• Click Start >> Control Panel.
  
• Under the Programs click Uninstall a Program
  
• Highlight the following:
  
  Java(TM) 6 Update 7
  
  
• Click on the Uninstall/Change button at the top.
  

Next,

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   Driver::
   ezSharedSvc
   
   NetSvc::
   ezSharedSvc
   
   RegLock::
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
   

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-02-04.08 - Colm 05/02/2010 19:04:24.2.1 - x86
Microsoft Windows Vista Home Basic 6.0.6002.2.1252.353.1033.18.1790.637 [GMT 0:00]
Running from: c:\users\Colm\Desktop\ComboFix.exe
Command switches used :: c:\users\Colm\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ezSharedSvc


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 19:26 . 2010-02-05 19:31 -------- d-----w- c:\users\Colm\AppData\Local\temp
2010-02-05 19:26 . 2010-02-05 19:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-05 19:26 . 2010-02-05 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-05 15:30 . 2010-02-05 15:30 -------- d-----w- C:\_OTL
2010-02-04 08:38 . 2009-06-18 12:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-03 22:13 . 2010-02-03 22:13 -------- d-----w- c:\program files\Sophos
2010-02-01 18:32 . 2010-02-01 18:55 -------- d-----w- c:\programdata\Trymedia
2010-02-01 18:26 . 2010-02-01 18:26 -------- d-----w- c:\program files\Infogrames
2010-02-01 16:23 . 2010-02-01 16:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 16:23 . 2010-02-01 16:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-01 15:48 . 2010-02-01 16:02 -------- d-----w- c:\programdata\Comodo
2010-02-01 15:48 . 2010-02-01 18:19 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-01 15:48 . 2010-02-01 18:19 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 15:48 . 2010-02-01 15:48 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-01 15:48 . 2010-02-01 15:48 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-01 15:48 . 2010-02-01 15:48 -------- d-----w- c:\program files\COMODO
2010-02-01 15:15 . 2010-02-01 15:36 -------- d-----w- c:\users\Colm\AppData\Roaming\Atari
2010-02-01 14:58 . 2010-02-01 14:58 -------- d-----w- c:\users\Colm\AppData\Roaming\Leadertech
2010-01-31 18:50 . 2010-01-31 18:50 -------- d-----w- c:\users\Colm\AppData\Roaming\dvdcss
2010-01-30 23:11 . 2010-01-30 23:11 -------- d-----w- c:\users\Colm\AppData\Local\Stardock
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\program files\Stardock
2010-01-30 10:53 . 2010-01-30 10:56 -------- d-----w- c:\programdata\Keyword Elite 2.0
2010-01-30 10:51 . 2010-01-30 16:27 -------- d-----w- c:\program files\Keyword Elite 2.0
2010-01-25 17:20 . 2010-01-25 17:20 -------- d-----w- c:\users\Colm\AppData\Local\IsolatedStorage
2010-01-20 20:51 . 2010-01-20 20:51 -------- d-----w- c:\programdata\Ezprint
2010-01-20 20:50 . 2010-02-04 18:42 -------- d-----w- c:\program files\Lx_cats
2010-01-20 20:50 . 2007-01-30 06:32 118272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxcgpp5c.dll
2010-01-20 20:47 . 2010-01-20 20:51 -------- d-----w- c:\program files\Lexmark 2300 Series
2010-01-16 17:33 . 2010-01-16 17:47 -------- d-----w- c:\program files\Mad Scientist Productions
2010-01-15 17:22 . 2007-10-22 03:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-01-15 17:22 . 2007-10-02 09:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-01-15 17:22 . 2007-10-12 15:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-01-15 17:22 . 2007-10-12 15:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-01-15 17:22 . 2007-07-20 00:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-15 17:22 . 2007-10-22 03:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-01-15 17:20 . 2007-03-05 12:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-01-15 17:20 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-15 17:20 . 2006-07-28 09:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-01-15 17:20 . 2006-07-28 09:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-01-15 17:11 . 2010-01-15 17:11 -------- d-----w- c:\program files\AeriaGames
2010-01-14 17:04 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-14 17:04 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 19:57 . 2010-02-02 20:00 -------- d-----w- c:\users\Colm\AppData\Roaming\FileZilla
2010-01-12 19:56 . 2010-01-12 19:57 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-11 22:36 . 2010-01-11 22:36 -------- d-----w- c:\program files\Safari
2010-01-09 22:08 . 2010-01-15 21:25 -------- d-----w- c:\program files\Common Files\Real
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-01-08 21:21 . 2010-01-08 21:21 -------- d-----w- c:\users\Colm\AppData\Local\TechSmith
2010-01-07 18:37 . 2009-08-19 05:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-07 18:37 . 2010-01-07 18:37 -------- d-----w- c:\windows\system32\QuickTime
2010-01-07 18:37 . 2010-01-07 18:37 -------- d-----w- c:\programdata\TechSmith
2010-01-07 18:36 . 2010-01-07 18:36 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-01-07 18:35 . 2010-01-07 18:35 -------- d-----w- c:\program files\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 19:32 . 2009-05-14 18:12 -------- d-----w- c:\users\Colm\AppData\Roaming\uTorrent
2010-02-05 19:03 . 2009-05-09 17:44 -------- d-----w- c:\users\Colm\AppData\Roaming\Skype
2010-02-05 18:55 . 2008-10-25 18:07 -------- d-----w- c:\program files\Java
2010-02-05 18:46 . 2009-05-11 19:18 -------- d-----r- c:\program files\Skype
2010-02-05 18:46 . 2009-05-09 17:41 -------- d-----w- c:\programdata\Skype
2010-02-05 17:39 . 2009-05-09 17:44 -------- d-----w- c:\users\Colm\AppData\Roaming\skypePM
2010-02-05 17:33 . 2009-09-30 17:44 -------- d-----w- c:\program files\Cheat Engine
2010-02-04 18:41 . 2009-05-17 21:29 -------- d-----w- c:\users\Colm\AppData\Roaming\vlc
2010-02-03 21:50 . 2009-05-09 17:44 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-03 21:50 . 2009-01-11 20:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-03 21:49 . 2009-05-09 20:43 41952 ----a-w- c:\programdata\nvModes.dat
2010-02-01 15:41 . 2008-10-25 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 12:47 . 2009-11-28 12:25 -------- d-----w- c:\users\Colm\AppData\Roaming\DMCache
2010-01-28 21:49 . 2010-01-03 00:37 -------- d-----w- c:\users\Colm\AppData\Roaming\Nvu
2010-01-26 23:21 . 2009-05-09 22:24 -------- d-----w- c:\program files\Google
2010-01-26 23:17 . 2008-10-25 17:05 -------- d-----w- c:\program files\HP Games
2010-01-26 23:08 . 2009-12-18 20:48 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-01-26 22:50 . 2009-05-14 18:13 -------- d-----w- c:\program files\uTorrent
2010-01-26 21:09 . 2008-10-25 17:47 -------- d-----w- c:\programdata\Microsoft Help
2010-01-25 20:05 . 2010-01-05 20:17 -------- d-----w- c:\users\Colm\AppData\Roaming\Mipony
2010-01-25 17:12 . 2009-06-17 18:50 -------- d-----w- c:\program files\Electronic Arts
2010-01-22 21:14 . 2009-07-15 15:47 -------- d-----w- c:\program files\Steam
2010-01-22 15:31 . 2009-10-01 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 17:38 . 2010-01-05 21:42 -------- d-----w- c:\program files\Immunet Protect
2010-01-16 15:33 . 2009-06-02 14:45 -------- d-----w- c:\users\Colm\AppData\Roaming\CyberLink
2010-01-15 03:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 23:26 . 2009-09-14 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 23:26 . 2009-12-24 19:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 11:12 . 2009-10-03 11:36 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 16:07 . 2009-09-14 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-09-14 21:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:17 . 2010-01-05 20:17 -------- d-----w- c:\program files\MiPony
2010-01-05 19:44 . 2010-01-05 19:41 -------- d-----w- c:\program files\Nakido
2010-01-03 00:37 . 2010-01-03 00:37 -------- d-----w- c:\program files\Nvu
2010-01-02 14:35 . 2010-01-02 14:35 -------- d-----w- c:\program files\WinSCP
2010-01-02 06:38 . 2010-01-21 19:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 19:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 19:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 23:27 . 2010-01-01 23:27 -------- d-----w- c:\program files\Tap Maker
2010-01-01 17:34 . 2010-01-01 17:34 -------- d-----w- c:\program files\iPhone Explorer
2009-12-31 17:05 . 2009-12-31 17:05 -------- d-----w- c:\program files\Sector69
2009-12-30 21:10 . 2009-12-30 21:10 -------- d-----w- c:\users\Colm\AppData\Roaming\KompoZer
2009-12-30 15:26 . 2009-11-24 21:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-30 15:25 . 2009-11-24 21:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-30 15:25 . 2009-05-25 19:14 38784 ----a-w- c:\users\Colm\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-27 22:56 . 2009-12-27 22:56 -------- d-----w- c:\program files\Air Mouse
2009-12-27 22:36 . 2009-12-27 22:12 -------- d-----w- c:\program files\UltraVNC
2009-12-25 11:20 . 2009-05-17 13:34 -------- d-----w- c:\users\Colm\AppData\Roaming\Apple Computer
2009-12-25 11:13 . 2009-05-17 13:30 -------- d-----w- c:\programdata\Apple
2009-12-24 19:38 . 2009-08-19 15:57 -------- d-----w- c:\program files\StumbleUpon
2009-12-24 19:34 . 2009-12-24 19:34 -------- d-----w- c:\program files\ImRe
2009-12-19 20:20 . 2009-12-19 20:20 -------- d-----w- c:\program files\Gabest
2009-12-18 23:04 . 2009-12-18 23:03 -------- d-----w- c:\program files\Flash Convert
2009-12-17 20:14 . 2009-12-17 20:13 -------- d-----w- c:\program files\Yawcam
2009-12-04 10:03 . 2009-12-04 10:03 251376 ----a-w- c:\users\Colm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-28 12:18 . 2009-05-09 17:26 76856 ----a-w- c:\users\Colm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 18:00 . 2009-09-16 14:26 680 ----a-w- c:\users\Colm\AppData\Local\d3d9caps.dat
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-24 23:54 . 2009-05-10 20:02 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-05-10 20:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-10 20:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-10 20:02 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-05-10 20:03 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-10 20:03 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-10 20:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 10:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-25 17:09 . 2008-10-25 16:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-26 319280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):27,eb,7e,f6,e6,3e,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/05/2009 20:03 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [01/02/2010 15:48 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [01/02/2010 15:48 29520]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\System32\SAVRKBootTasks.sys [04/02/2010 08:38 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/05/2009 20:03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/05/2009 20:02 53328]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 18:11 365952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/08/2009 19:24 66592]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 17:02 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:33 21504]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [08/12/2009 22:41 120232]
S4 gupdate1c9d0f57a744239;Google Update Service (gupdate1c9d0f57a744239);c:\program files\Google\Update\GoogleUpdate.exe [09/05/2009 22:28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 22:28]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 22:28]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000Core.job
- c:\users\Colm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 15:33]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000UA.job
- c:\users\Colm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 15:33]

2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{F2A32BAD-8815-408D-9F45-D8CFFF25C714}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/firefox
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\users\Colm\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Colm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C909.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3708)
c:\program files\WinSCP\DragExt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2010-02-05 19:40:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 19:40

Pre-Run: 56,555,749,376 bytes free
Post-Run: 57,686,327,296 bytes free

- - End Of File - - 8029E51DAE262D8F8A52A6ACA65109C7

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Thank you SO much for all of your help! I thought I was going to have to reinstall windows!! My machine is running beautifully! Do you think that my computer security is sufficient or would you like to reccomend me some (free) programs.
Thanks once again, You are a legend!

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Thanks so much for all your help! You're great!