Solve : Scan results hope you can help me.?

Answer»

Here's the scan; will put the hijack thing in the next post.


ComboFix 08-08-30.01 - Jill 2008-08-31 2:14:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.149 [GMT 1:00]
Running from: C:\Documents and Settings\Jill\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-31 01:14 . 2008-08-31 01:14 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 01:14 . 2008-08-31 01:14 d-------- C:\Documents and Settings\Jill\Application Data\Malwarebytes
2008-08-31 01:14 . 2008-08-31 01:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 01:14 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 01:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 13:50 . 2008-08-30 13:50 d-------- C:\Documents and Settings\Jill\Application Data\PCToolsFirewallPlus
2008-08-30 13:47 . 2008-08-30 13:57 d-------- C:\Program Files\PC Tools Firewall Plus
2008-08-30 13:47 . 2008-08-30 13:47 d-------- C:\Program Files\Common Files\PC Tools
2008-08-30 13:47 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-30 13:47 . 2008-07-17 16:53 93,952 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-08-30 13:47 . 2008-08-05 15:58 58,136 --a------ C:\WINDOWS\system32\drivers\FWAuthdriver.sys
2008-08-30 12:34 . 2008-04-14 01:12 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-08-30 12:33 . 2008-08-30 12:33 d-------- C:\Program Files\Comodo
2008-08-30 12:33 . 2008-08-30 12:33 d-------- C:\Documents and Settings\All Users\Application Data\BOC427
2008-08-30 12:33 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-08-30 12:33 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-08-30 12:33 . 2008-08-31 02:09 9,309 --a------ C:\WINDOWS\BOC427.INI
2008-08-29 23:30 . 2008-08-30 09:16 d-------- C:\Documents and Settings\Jill\.housecall6.6
2008-08-28 21:19 . 2008-08-28 21:19 d-------- C:\Program Files\Alwil Software
2008-08-28 21:02 . 2008-08-28 21:02 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-17 21:11 . 2008-08-17 21:11 d-------- C:\Program Files\Trend Micro
2008-08-17 20:42 . 2008-08-17 18:52 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
2008-08-17 18:50 . 2008-08-17 18:50 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-17 18:50 . 2008-08-17 18:52 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-17 18:49 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-08-17 18:47 . 2008-08-17 19:13 d-------- C:\WINDOWS\Internet Logs
2008-08-14 08:07 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 08:06 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 00:48 . 2008-08-17 16:46 d-------- C:\Documents and Settings\Jill\Application Data\LimeWire
2008-08-11 00:47 . 2008-08-17 17:20 d-------- C:\Program Files\LimeWire
2008-08-03 22:04 . 2008-08-31 01:45 d-------- C:\Program Files\a-squared Free
2008-07-08 08:53 . 2008-07-08 08:53 d-------- C:\Program Files\Sun
2008-07-07 21:26 . 2008-07-07 21:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 14:14 . 2008-07-07 14:14 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-07 13:54 . 2008-07-07 13:54 d-------- C:\WINDOWS\system32\scripting
2008-07-07 13:54 . 2008-07-07 13:54 d-------- C:\WINDOWS\system32\en
2008-07-07 13:54 . 2008-07-07 13:54 d-------- C:\WINDOWS\system32\bits
2008-07-07 13:54 . 2008-07-07 13:54 d-------- C:\WINDOWS\l2schemas
2008-07-07 13:50 . 2008-07-07 13:54 d-------- C:\WINDOWS\ServicePackFiles
2008-07-07 13:43 . 2008-07-07 13:43 d-------- C:\WINDOWS\EHome
2008-07-07 13:31 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-07 13:30 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 23:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-30 12:55 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-25 18:20 --------- d-----w C:\Program Files\HP
2008-08-24 17:41 --------- d-----w C:\Program Files\Java
2008-08-24 16:11 38,488 ----a-w C:\Documents and Settings\Jill\Application Data\wklnhst.dat
2008-08-17 17:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 15:20 --------- d-----w C:\Documents and Settings\Jill\Application Data\Canon
2008-08-08 10:26 --------- d-----w C:\Program Files\Google
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 13:14 --------- d-----w C:\Program Files\MSN Messenger
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 10:38 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" [2003-09-11 04:00 99840]
"DSLSTATEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe" [2004-05-27 12:07 1659050]
"DSLAGENTEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [2004-05-27 12:07 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-07-16 13:50 1409136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 19:24 77824]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 05:09 351480]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 15:58 2611096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-14 20:46:25 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-03-14 21:11:42 634880]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM [emailprotected] 800-840\dslmon.exe [2006-05-20 21:51:49 962660]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-19 17:36:53 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-09-29 18:43:11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-08-05 15:58]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2007-03-22 20:05]
S3 CoachVid;CoachVid;C:\WINDOWS\system32\DRIVERS\CoachVid.sys [2007-03-22 20:05]
S3 lredbooo;lredbooo;C:\DOCUME~1\Jill\LOCALS~1\Temp\lredbooo.sys []
S3 SiSCom;SISCom_Com;D:\Drivers\Display\WinXP_2K\utilDLL\SiSCom.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WantedGunsSetup.exe - C:\DOWNLO~1\WANTED~1.EXE


.
------- Supplementary Scan -------
.
FireFox -: PROFILE - C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\kn2oh0jn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.co.uk/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 02:20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-31 2:24:55
ComboFix-quarantined-files.txt 2008-08-31 01:24:39

Pre-Run: 13,710,651,392 bytes free
Post-Run: 13,720,997,888 bytes free

161 --- E O F --- 2008-08-14 23:38:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:29:15, on 31/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\SAGEM\SAGEM [emailprotected] 800-840\dslmon.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [emailprotected] 800-840\dslmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164234819625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! MAIL Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8285 bytes

Everything looks fine. It must be just some locked Windows files that Avast can't open to scan.

  • Click START then RUN
  • Now type Combofix /U in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Phew, that's a relief, it did say it had moved several of the my doom things to the chest but 2 failed, maybe they went in later?

Anyway as I said it came up clean earlier today so hopefully I am clean.

Will do what you said in your last post and do I need to do anything else?

If not can I thank you very much indeed for all your help and as it's 3 in the morning where I am wish you a very good night.

Quote
it did say it had moved several of the my doom things to the chest but 2 failed

Might have been restore points.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

OK the last thing you told me to do is scanning now.

Just one thing when I did this:-

Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

I clicked on it and it didn't actually show as doing anything, was it just automatic?

Maybe. You can make sure they are gone by toggling it off and then back on.

Turn OFF System Restore

  • On the Desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab.
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore
  • On the Desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab.
  • UN-Check Turn off System Restore
  • Click Apply, and then click OK

System Restore will now be active again.

Did I need to do another restore point after turning restore back on?

Also the inspector thing found lots of java updates amongst lots of other things, do I need to update them all?

It will create a restore point when you turn it back on.

For the Java run this. It will remove all of the old versions and leave the new one there.


Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Exit JavaRa
  • Delete the JavaRa .zip .exe and .html files from the Desktop

OK will work my way through the inspector thing tomorrow and then do the java thing.

Am I ok now?

Can I go to bed ?? xxx

Good to go.

You are a darling and thank you sooooo much.

Your patience and expertise appear endless.

Byeeeeeeeeeeeeeeeeee xx

No problem.

Safe surfing...

