
Help! Possible trojan or virus?


Original Message
Name: robbinhoodd
Date: February 7, 2008 at 12:58:44 Pacific
Subject: Help! Possible trojan or virus?
OS: Vista Home Premium 32 bit
CPU/Ram: Athlon 64 dual core TK-53
Model/Manufacturer: Acer Travelmate 5520 lapt
Comment:

Hi,
My sons laptop has been infected with something that has shut down the firewall & the antivirus application.
I have tried installing other antivirus apps but whatever is there is stopping them from updating and is also preventing them from starting. Even if I try to start them manually the intruder is forcing them to deactivate themselves.
Any Ideas guys?
Regards
Paul




Response Number 1
Name: jabuck
Date: February 7, 2008 at 14:07:15 Pacific
Reply:

Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.


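A quick mechanical pass over a HijackThis log is worth doing before anyone reads it by hand. The script below is an added example for this thread, not part of HijackThis and not from jabuck's instructions. It parses the "Running processes", O4 and O23 sections of a HijackThis 2.0.2 log and reports the things a reviewer looks at first: binaries launched from Temp or AppData, an autorun whose "command" is a URL rather than a file, a file carrying a core Windows name (svchost.exe and the like) outside the Windows directory, and services with no vendor string. The sample log is constructed in the format of the log posted later in this thread; the WinUpd entry and the example.invalid URL are invented, and the heuristics and SYSTEM_NAMES list are the example's own choices, not a HijackThis rule set.

```python
"""Triage a HijackThis 2.0.2 log.  Added example for this thread, not part of
HijackThis.  SAMPLE_LOG is constructed in the format of the log posted later
in the thread; the WinUpd entry and the example.invalid URL are invented."""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SD_Tips] iexplore http://example.invalid/tips
O4 - HKLM\..\Run: [WinUpd] C:\Users\Admin\AppData\Roaming\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# First path-like token ending in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|scr|com|bat|cmd))"?(?:[\s,]|$)', re.I)
# Locations an unprivileged user (or a drive-by download) can write to.
USER_WRITABLE = re.compile(r"\\(Temp|AppData)\\", re.I)
# Core Windows binary names that malware borrows; the real ones live under \Windows.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"}


def parse(log_text):
    """Return (processes, autoruns, services) pulled out of the log text."""
    processes, autoruns, services = [], [], []
    in_procs = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:               # a blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append((m["hive"], m["name"], m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m:
            # Display name and vendor never contain " - ", but the path can
            # ("Spybot - Search & Destroy"), so only the first two splits count.
            parts = m["rest"].split(" - ", 2)
            if len(parts) == 3:
                services.append(tuple(parts))
    return processes, autoruns, services


def path_flags(path):
    """Heuristics on one executable path; returns the reasons it deserves a look."""
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable directory")
    name = PureWindowsPath(path).name.lower()
    if name in SYSTEM_NAMES and "\\windows\\" not in path.lower():
        reasons.append(f"{name} outside the Windows directory")
    return reasons


def triage(log_text):
    """Return (kind, item, reason) findings for human review."""
    processes, autoruns, services = parse(log_text)
    findings = []
    for proc in processes:
        findings += [("process", proc, r) for r in path_flags(proc)]
    for _hive, name, cmd in autoruns:
        m = EXE_RE.match(cmd)
        if not m:
            findings.append(("autorun", f"[{name}] {cmd}",
                             "command is not a file path (URL or shell verb)"))
            continue
        findings += [("autorun", f"[{name}] {cmd}", r) for r in path_flags(m["exe"])]
    for name, owner, path in services:
        if owner == "Unknown owner":
            findings.append(("service", f"{name} -> {path}",
                             "no vendor string; verify signature or hash before trusting"))
        findings += [("service", f"{name} -> {path}", r) for r in path_flags(path)]
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {reason:55} {item}")
```

Everything this prints is a lead, not a verdict: the Temp-resident RtkBtMnt.exe in the real log may well be a legitimate Realtek helper, and "Unknown owner" only means the service binary carries no company string. Confirm each hit by checking the file's signature and hash before asking HijackThis to fix anything.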

Response Number 2
Name: robbinhoodd
Date: February 7, 2008 at 14:35:09 Pacific
Reply:

As requested:
Hope I've got it right!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:26, on 07/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Users\Admin\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yc...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yc...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SD_Tips] iexplore http://www.spywaredetector.net/tips...
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11364 bytes


ComboFix 08-02.05.3 - Admin 2008-02-07 22:25:12.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.105 [GMT 0:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\hosts

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-07 20:41 . 2008-02-07 20:43 <DIR> d-------- C:\Program Files\SpywareDetector
2008-02-07 20:41 . 2007-03-19 12:39 270,336 --a------ C:\Windows\System32\CheckDll.dll
2008-02-07 20:41 . 2008-01-25 18:58 67,024 --a------ C:\Windows\System32\CloseAll.exe
2008-02-07 20:41 . 2008-02-07 20:44 33,292 --a------ C:\Windows\System32\SDRemoveDB.db
2008-02-07 20:41 . 2008-01-30 11:03 6,144 --a------ C:\Windows\System32\SDEarlyDelete.exe
2008-02-07 20:41 . 2005-02-06 09:02 104 --a------ C:\Windows\System32\ProxySettings.ini
2008-02-07 20:41 . 2008-02-07 20:41 63 --a------ C:\Windows\system\SysSD.dll
2008-02-07 17:09 . 2007-12-04 14:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-07 17:08 . 2007-12-04 13:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-07 17:08 . 2004-01-09 09:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-07 17:08 . 2007-12-04 12:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-07 17:08 . 2007-12-04 14:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-07 17:08 . 2007-12-04 14:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-07 17:07 . 2008-02-07 17:07 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-02-07 16:55 . 2008-02-07 16:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-06 23:53 . 2008-02-07 19:43 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-06 23:53 . 2008-02-07 19:43 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-06 23:53 . 2008-02-07 19:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-06 23:47 . 2008-02-06 23:47 <DIR> d-------- C:\Users\All Users\iolo
2008-02-06 23:47 . 2008-02-06 23:47 <DIR> d-------- C:\Users\Admin\AppData\Roaming\iolo
2008-02-06 23:47 . 2008-02-06 23:47 <DIR> d-------- C:\ProgramData\iolo
2008-02-06 22:34 . 2008-02-07 00:11 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-02-06 22:34 . 2008-02-07 00:11 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-01-23 11:45 . 2008-01-23 11:45 <DIR> d-------- C:\HiTRUSTDrive
2008-01-17 23:53 . 2008-01-17 23:53 <DIR> d-------- C:\Users\Admin\AppData\Roaming\ScannerData
2008-01-16 20:53 . 2008-01-16 20:53 <DIR> d-------- C:\Program Files\Temp
2008-01-16 20:53 . 2008-02-07 11:19 <DIR> d-------- C:\Program Files\BearPaw 1200CU Plus
2008-01-09 13:33 . 2008-01-09 13:33 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 13:33 . 2008-01-09 13:33 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 13:33 . 2008-01-09 13:33 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 13:33 . 2008-01-09 13:33 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 13:33 . 2008-01-09 13:33 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 13:33 . 2008-01-09 13:33 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 13:33 . 2008-01-09 13:33 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 13:32 . 2008-01-09 13:32 11,776 --a------ C:\Windows\System32\sbunattend.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 11:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 11:24 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-07 11:21 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-02-07 11:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-07 11:21 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-07 11:21 --------- d-----w C:\Program Files\Windows Mail
2008-02-07 11:20 --------- d-----w C:\Program Files\Windows Journal
2008-02-07 11:20 --------- d-----w C:\Program Files\Windows Defender
2008-02-07 11:20 --------- d-----w C:\Program Files\Windows Collaboration
2008-02-07 11:20 --------- d-----w C:\Program Files\Topfield
2008-02-07 11:20 --------- d-----w C:\Program Files\Symantec
2008-02-07 11:20 --------- d-----w C:\Program Files\QuickTime Alternative
2008-02-07 11:20 --------- d-----w C:\Program Files\O2Micro Oz128 Driver
2008-02-07 11:20 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-07 11:20 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-07 11:20 --------- d-----w C:\Program Files\Microsoft Works
2008-02-07 11:20 --------- d-----w C:\Program Files\Launch Manager
2008-02-07 11:20 --------- d-----w C:\Program Files\Common Files\Motive
2008-02-07 11:20 --------- d-----w C:\Program Files\Common Files\BTHelena
2008-02-07 11:20 --------- d-----w C:\Program Files\BTHomeHub
2008-02-07 11:20 --------- d-----w C:\Program Files\BT Broadband Talk Softphone
2008-02-07 11:20 --------- d-----w C:\Program Files\BBDesktopHelpUpgradeAdvisor
2008-02-07 11:20 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-02-07 11:20 --------- d-----w C:\Program Files\ACER Crystal Eye webcam
2008-02-07 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 11:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-07 11:19 --------- d-----w C:\Program Files\Common Files\Java
2008-02-07 11:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 11:18 --------- d-----w C:\Program Files\Windows Calendar
2008-02-07 11:18 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-15 09:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 05:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-04 22:23 --------- d-----w C:\ProgramData\Symantec
2007-12-26 17:09 --------- d-----w C:\Users\Admin\AppData\Roaming\U3
2007-12-26 15:36 --------- d--h--w C:\ProgramData\CanonBJ
2007-12-24 00:36 --------- d-----w C:\Program Files\Mach5 Software
2007-12-21 03:16 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-21 03:15 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-21 03:15 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-21 03:15 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-21 03:14 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-21 03:14 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-21 03:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-21 03:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-21 03:05 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-21 03:05 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-21 03:05 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-21 03:05 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-21 03:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-21 03:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-20 19:52 --------- d-----w C:\Program Files\LogMeIn
2007-12-20 15:54 --------- d-----w C:\ProgramData\Yahoo!
2007-12-20 13:44 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-20 13:44 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-20 13:44 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-12-20 13:36 --------- d-----w C:\ProgramData\Yahoo! Companion
2007-12-20 13:33 --------- d-----w C:\Users\Admin\AppData\Roaming\BT
2007-12-20 13:32 --------- d-----w C:\Program Files\Yahoo!
2007-12-20 13:28 --------- d-----w C:\ProgramData\Motive
2007-12-04 23:24 87,352 ----a-w C:\Windows\System32\LMIinit.dll
2007-12-04 23:24 83,288 ----a-w C:\Windows\System32\LMIRfsClientNP.dll
2007-12-04 23:24 23,736 ----a-w C:\Windows\System32\lmimirr.dll
2007-12-04 23:24 21,496 ----a-w C:\Windows\System32\LMIport.dll
2007-12-04 23:24 10,040 ----a-w C:\Windows\System32\lmimirr2.dll
2007-12-03 01:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-03 01:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-03 01:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-03 01:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-03 01:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-03 01:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-03 01:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-03 01:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-03 01:15 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-03 01:15 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-03 01:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-03 01:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-03 01:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-03 01:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-03 01:00 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-12-03 01:00 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-12-03 00:56 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-03 00:56 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-03 00:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-03 00:55 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-09-01 01:33 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 13:32 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 19:35 90112]
"Acer Tour Reminder"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11 4670968]
"BTAgile"="C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 09:39 61440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 23:51 4435968 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-07 00:00 815104]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 20:44 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 20:42 22696]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-10 01:51 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 04:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 23:21 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-13 00:42 457728]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 08:04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 13:27 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"BTHelena_McciTrayApp"="C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe" [2007-07-17 10:26 1001472]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"SD_Tips"="iexplore http://www.spywaredetector.net/tips... []
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2008-01-28 12:48 706000]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2008-02-01 18:31 423376]

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kremlin Sentry.lnk - C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe [2007-12-24 00:36:31 221184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-04 22:18:39 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-01-28 11:30 167936 C:\Program Files\SpywareDetector\SDNotify.dll

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 17:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-02 23:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-13 00:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-13 00:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-13 00:43]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080114.001\IDSvix86.sys [2007-11-06 16:07]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 23:51]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-13 00:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-18 02:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-25 00:40]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-08 01:12]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 19:57]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 StkASSrv;Syntek STK1150 Service;C:\Windows\System32\StkASv2K.exe [2006-05-24 06:49]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-04-24 22:48]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 16:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 05:58]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-08 01:35]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 07:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 20:18]
S3 PhSerUsb;PHILOG USB Serial Driver;C:\Windows\system32\DRIVERS\PhSerUsb.sys [2005-11-04 04:19]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 07:30]
S3 StkAMini;Syntek STK1150;C:\Windows\system32\Drivers\StkAMini.sys [2006-09-27 03:01]
S3 StkScan;Syntek STK1150 Filter Driver;C:\Windows\system32\Drivers\StkScan.sys [2006-08-02 06:44]
S3 TfBulk;TfBulk;C:\Windows\system32\DRIVERS\TfBulk.sys [2007-05-31 21:11]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 20:00:23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Admin.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-02-07 11:26:10 C:\Windows\Tasks\User_Feed_Synchronization-{F13E0DBB-201A-4347-95F1-9BE8AE2E2861}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 22:27:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 22:28:53
ComboFix-quarantined-files.txt 2008-02-07 22:28:51
.
2008-02-07 16:44:26 --- E O F ---



Response Number 3
Name: jabuck
Date: February 7, 2008 at 16:06:21 Pacific
Reply:

Looks clean to me, how is the computer operating?



Response Number 4
Name: robbinhoodd
Date: February 7, 2008 at 17:25:20 Pacific
Reply:

Fine as far as it goes but I can't get any antivirus application to either update or to start working.
For instance, I have Avast home edition installed but I can't get it to update or to start real time monitoring - it will do a system scan but that's all. If I tell it to start monitoring it immediately turns monitoring off again. I've tried 3 separate apps & they all behave the same way. They cannot access the update servers & they immediately go dormant if I try to get them to monitor in real time.
regards
Paul


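Scanners that cannot reach their update servers while everything else works is one classic symptom of a poisoned hosts file, and the ComboFix run earlier in this thread did remove a file named C:\Windows\hosts and list a BITS entry for www.download.windowsupdate.com. The Windows resolver only honours %SystemRoot%\System32\drivers\etc\hosts, so that is the file to read. The script below is an added example for this thread, not code from ComboFix, HijackThis or any of the posters: it parses a hosts file and reports every mapping that touches a security-vendor or update domain, distinguishing loopback sinkholes from redirects to a fixed address, and separately lists anything beyond the two localhost lines a stock Vista hosts file carries. SAMPLE_HOSTS is constructed (the localhost lines are Vista's defaults; the vendor lines and the 192.0.2.10 address are invented), and WATCHED is an illustrative list to extend with the products actually installed.

```python
"""Find hosts-file entries that hijack security-vendor or update domains.
Added example for this thread; not from ComboFix, HijackThis or the posters.
SAMPLE_HOSTS is constructed: the localhost lines are Vista's defaults, the
vendor lines and the 192.0.2.10 address are invented."""
import ipaddress

# The only hosts file the Windows resolver consults.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Illustrative watch list (assumption): extend with the vendors in use.
WATCHED = (
    "windowsupdate.com", "update.microsoft.com",
    "avast.com", "symantec.com", "symantecliveupdate.com",
    "kaspersky.com", "kaspersky-labs.com", "safer-networking.org",
)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

SAMPLE_HOSTS = """# constructed sample in the layout of a Vista hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avast.com                      # constructed: sinkhole
127.0.0.1       liveupdate.symantecliveupdate.com  # constructed: sinkhole
192.0.2.10      www.download.windowsupdate.com     # constructed: redirect
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))   # normalises e.g. 0::1 to ::1
        except ValueError:
            continue                              # not an address; the resolver ignores it too
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def is_watched(host):
    """True when host is, or sits under, one of the WATCHED domains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)


def suspicious_entries(text):
    """Return (ip, host, why) for every mapping of a vendor or update domain."""
    findings = []
    for ip, host in parse_hosts(text):
        if not is_watched(host):
            continue
        why = ("vendor domain sinkholed to loopback" if ip in LOOPBACK
               else "vendor domain redirected to a fixed address")
        findings.append((ip, host, why))
    return findings


def nondefault_entries(text):
    """Everything beyond the two localhost lines a stock Vista hosts file carries."""
    return [(ip, host) for ip, host in parse_hosts(text) if host != "localhost"]


def scan_file(path=HOSTS_PATH):
    """Read the live hosts file and return its suspicious entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())


if __name__ == "__main__":
    for ip, host, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:16} {host:40} {why}")
    print("non-default entries:", nondefault_entries(SAMPLE_HOSTS))
```

A hit here explains failed updates but not the real-time protection being switched off; that points at something still running on the box, and the hosts file should be cleaned only after that is found, or it will simply be rewritten.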

Response Number 5
Name: jabuck
Date: February 7, 2008 at 17:36:33 Pacific
Reply:

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information in the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.









Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

