PC hija8+6

Home » Windows & System Security » HiJack This Logs » PC hija8+6

PC hija8+6

Rate Topic

Display Mode

Topic Options

Author

Message

jswarb001

Posted 8/24/2008 4:22 PM

New Member

Group: Forum Members
Last Login: 7/19/2008 6:12 AM
Posts: 97, Visits: 235

Hi my pc keeps going onto different web pages without me clicking them and the menu bar from "my computer" keeps appearing. I may have been hijacked. Can you help please?

thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18, on 2008-08-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redissue.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139054846968
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11029 bytes

Post #243469

RichieUK

Posted 8/24/2008 4:33 PM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,045, Visits: 54,734

Welcome

Download and scan with CCleaner:
http://www.ccleaner.com/download/builds
1. Starting with v1.27.260, CCleaner started installing the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free 'Slim' version instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.

In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.

* Now click on the 'Registry' tab/button on the left.
* Then click on the 'Scan for issues' button at the bottom.
* If CCleaner displays any issues,click on 'Fix selected issues'.
* You'll then be asked 'Do you want to backup changes to the registry',you must click 'YES'.
* Save the backup somewhere safe,your desktop is a good a place as any.
* Then click 'Fix Issues',then click 'Close'.
* Exit CCleaner.

If you have previously downloaded ComboFix,please delete that version now.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Click on Start/Run,copy and paste the following bold text into the 'Open:' space,then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall

Combofix.exe will start,please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

________________________________________

ASAP & UNITE member since 2006

Post #243470

jswarb001

Posted 8/24/2008 5:09 PM

New Member

Group: Forum Members
Last Login: 7/19/2008 6:12 AM
Posts: 97, Visits: 235

ComboFix 08-08-23.03 - JOHN SWARBRICK 2008-08-24 22:58:16.4 - [color=red]FAT32[/color]x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.640 [GMT 1:00]
Running from: C:\Documents and Settings\JOHN SWARBRICK\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JOHN SWARBRICK\Cookies\john swarbrick@ancestry[1].txt
C:\Documents and Settings\JOHN SWARBRICK\Cookies\john swarbrick@clicktorrent[1].txt
C:\Documents and Settings\JOHN SWARBRICK\Cookies\john swarbrick@peach.bskyb[2].txt
C:\Documents and Settings\JOHN SWARBRICK\Cookies\john swarbrick@rtm[3].txt
C:\Documents and Settings\JOHN SWARBRICK\Cookies\john swarbrick@social.bidsystem[1].txt
C:\Documents and Settings\JOHN SWARBRICK\Cookies\john swarbrick@tsw0[1].txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 22:11 . 2008-08-24 22:11 2,922,072 --a------ C:\ccsetup210.exe
2008-08-24 14:26 . 2008-08-24 14:26 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-08-24 14:26 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvca3d5.rra
2008-08-24 14:26 . 2006-10-20 16:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-08-24 14:26 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-08-24 14:25 . 2008-08-24 14:25 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-08-21 17:15 . 2008-08-21 17:15 187 --a------ C:\Shortcut (3) to ACERDATA (D).lnk
2008-08-11 20:20 . 2008-08-11 20:20 <DIR> d-------- C:\Documents and Settings\JOHN SWARBRICK\Application Data\Safe Software
2008-08-11 19:45 . 2008-08-11 19:44 366 --a------ C:\Documents and Settings\Cath\OVH properties and patch codes.zip
2008-08-06 20:28 . 2008-08-06 20:28 418 --a------ C:\Documents and Settings\Cath\temp.DAT
2008-08-06 19:29 . 2008-08-06 19:29 <DIR> d-------- C:\Documents and Settings\Cath\hmu_properties_points
2008-08-06 19:28 . 2008-08-06 19:28 582,838 --a------ C:\Documents and Settings\Cath\hmu_properties_points.zip
2008-07-28 20:54 . 2008-07-28 20:54 <DIR> d-------- C:\Documents and Settings\JOHN SWARBRICK\Application Data\TomTom
2008-07-28 20:53 . 2008-07-28 20:53 <DIR> d-------- C:\Program Files\TomTom HOME 2
2008-07-26 14:03 . 2008-07-26 14:03 <DIR> d-------- C:\Program Files\Firaxis Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 10:29 --------- d-----w C:\Program Files\PowerPacket
2008-07-19 08:06 --------- d-----w C:\Program Files\Common Files\Java
2008-07-19 07:44 857,664 ----a-w C:\Program Files\ccsetup209_slim.exe
2008-07-18 18:15 36,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-18 18:15 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 20:59 --------- d-----w C:\Program Files\Alwil Software
2008-07-17 20:58 24,234,968 ----a-w C:\Program Files\setupeng.exe
2008-07-09 20:32 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-09 20:29 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 12:20 --------- d-----w C:\Program Files\Microsoft Money 2007
2008-07-02 18:57 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-02 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-02 18:56 --------- d-----w C:\Program Files\Seagate Software
2008-07-02 18:48 --------- d-----w C:\Documents and Settings\JOHN SWARBRICK\Application Data\MapInfo
2008-07-02 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo
2008-07-02 18:46 --------- d-----w C:\Program Files\MapInfo
2008-06-27 05:55 --------- d-----w C:\Documents and Settings\Guest\Application Data\Canon
2008-06-24 18:13 --------- d-----w C:\Program Files\PartyGaming
2008-06-24 18:11 4,598,224 ----a-w C:\PartyPokerSetup.exe
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 16:12 667,136 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 16:12 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-23 16:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2008-06-23 16:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-06-23 16:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-06-23 16:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-06-23 16:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2008-06-23 16:12 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-23 16:11 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2008-06-23 16:11 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-06-23 16:11 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-06-23 16:11 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 16:11 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-06-23 16:11 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-06-23 16:11 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-06-23 16:11 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 16:11 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-06-23 16:11 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-29 20:06 8,836,238 ----a-w C:\Program Files\pspvideo9_Installer.exe
2008-05-28 22:04 26,841,805 ----a-w C:\Program Files\SUPERsetup.exe
2008-05-28 21:47 7,151,050 ----a-w C:\Program Files\videoraipodconverter_Installer.exe
2008-03-22 16:27 1,751,552 ----a-w C:\Program Files\GoogleWebAcceleratorSetup.msi
2008-02-27 19:07 2,733,520 ----a-w C:\Program Files\ccsetup205.exe
2007-11-25 09:45 64,653 ----a-w C:\Program Files\Harry[1].Potter.And.The.Order.Of.The.Phoenix[2007]DvDrip[Eng]-aXXo _-mininova.org-_.torrent
2007-07-19 22:08 41,392,848 ----a-w C:\Program Files\SlingPlayer_PC_1.4.0.206_Setup-UK.exe
2007-07-04 19:29 23,260,680 ----a-w C:\Program Files\Orb20SetupEnGB.exe
2007-06-18 12:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2007-05-30 19:40 38,012,480 ----a-w C:\Program Files\iTunesSetup.exe
2007-03-02 21:06 41,210 ----a-w C:\Program Files\310OEA2-update.rar
2007-02-18 17:33 1,967,207 ----a-w C:\Program Files\SopCast.zip
2007-02-16 19:43 1,712,771 ----a-w C:\Program Files\pspVideo9_Upgrade.exe
2007-02-16 19:42 4,762,918 ----a-w C:\Program Files\pspVideo9_Install.exe
2006-12-26 08:46 49,249 ----a-w C:\Program Files\download.htm
2006-12-26 08:42 357,424 ----a-w C:\Program Files\msicuu2.exe
2006-07-26 20:54 1,458,008 ----a-w C:\Program Files\ccsetup131.exe
2006-07-24 19:02 1,450,904 ----a-w C:\Program Files\daemon403-x86.exe
2006-07-24 19:01 1,730,968 ----a-w C:\Program Files\daemon403-x64.exe
2006-06-22 08:54 69,416 ----a-w C:\Program Files\AUTORUN.EXE
2006-03-15 19:12 1,978,336 ----a-w C:\Program Files\PPLiveSetup1.1.0.7.exe
2006-03-15 19:02 7,556,096 ----a-w C:\Program Files\epson23631eu.exe
2006-03-05 19:32 0 ----a-w C:\Documents and Settings\JOHN SWARBRICK\Application Data\wklnhst.dat
2006-03-05 19:28 2,214,912 ----a-w C:\Program Files\pdf995s.exe
2006-03-05 19:27 5,264,896 ----a-w C:\Program Files\ps2pdf995.exe
2006-02-28 21:36 106,797,808 ----a-w C:\Program Files\Nero-7.0.1.4b_eng.exe
2006-02-28 07:00 217,329 ----a-w C:\Program Files\gspot221.exe
2006-02-27 20:15 449 ----a-w C:\Program Files\Shortcut to VirtualDub.lnk
2006-02-27 20:14 1,025,735 ----a-w C:\Program Files\VirtualDub-1.6.13.zip
2006-02-27 13:29 376 ----a-w C:\Program Files\file_id.diz
2006-02-27 13:29 13,316 ----a-w C:\Program Files\blizz.nfo
2006-02-26 17:08 758,272 ----a-w C:\Program Files\VirtualDub.exe
2006-02-26 17:08 120,246 ----a-w C:\Program Files\VirtualDub.vdi
2006-02-26 17:07 7,738 ----a-w C:\Program Files\vdub.exe
2006-02-26 17:07 7,168 ----a-w C:\Program Files\vdremote.dll
2006-02-26 17:07 6,656 ----a-w C:\Program Files\vdicmdrv.dll
2006-02-26 17:07 5,120 ----a-w C:\Program Files\vdsvrlnk.dll
2006-02-26 17:07 16,384 ----a-w C:\Program Files\auxsetup.exe
2006-02-26 17:06 210,421 ----a-w C:\Program Files\VirtualDub.chm
2006-02-26 08:03 5,989,248 ----a-w C:\Program Files\a120_195_3823_retail.exe
2006-02-19 09:36 7,737,688 ----a-w C:\Program Files\ewido-setup.exe
2006-02-16 20:06 9,101,392 ----a-w C:\Program Files\TU2006TrialEN.exe
2006-02-10 19:52 4,758,147 ----a-w C:\Program Files\Vlookup Column Numbers Project.wmv
2006-02-10 19:44 4,264,119 ----a-w C:\Program Files\Lookup I Project.wmv
2006-02-10 19:34 5,135,331 ----a-w C:\Program Files\VLOOKUP Project.wmv
2006-02-08 20:51 51,622,242 ----a-w C:\Program Files\ACEMCP603PRO.exe
2006-02-08 19:45 1,116,523 ----a-w C:\Program Files\3ivx_d4_451_win.exe
2006-02-06 19:24 2,566,736 ----a-w C:\Program Files\spywareblastersetup351.exe
2006-02-06 19:22 546,964 ----a-w C:\Program Files\ccsetup127b1.exe
2006-02-06 19:17 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 21:43 68856]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 09:42 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-14 17:01 2462208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2005-08-10 12:28 593920]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 10:53 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 10:53 2985472]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-12-31 14:07:59 745472]
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2007-05-14 20:10:47 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.3IV2"= 3ivxVfWCodec.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe"
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"EPSON Stylus Photo R320 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O5 "LPT1:" /M "Stylus Photo R320"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SCDEmuApp.exe"=C:\Program Files\PowerISO\SCDEmuApp.exe
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\PPMate\\ppmate.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"C:\\utorrent.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8830:TCP"= 8830:TCP:ppLive
"3070:UDP"= 3070:UDP:ppLive
"10000:TCP"= 10000:TCP:torrent port
"10001:TCP"= 10001:TCP:torrent port 10001
"10002:TCP"= 10002:TCP:torrent port 10002
"10003:TCP"= 10003:TCP:torrent port 10003
"10664:TCP"= 10664:TCP:torrentport 10664
"10006:TCP"= 10006:TCP:torent port 10006
"16881:TCP"= 16881:TCP:torrent 16881
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1720:TCP"= 1720:TCP:torrent
"50010:TCP"= 50010:TCP:torrent
"36877:TCP"= 36877:TCP:utorent
"33534:TCP"= 33534:TCP:utorrent
"32459:TCP"= 32459:TCP:utorrent4
"55641:TCP"= 55641:TCP:utorrent

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:17]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:42]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
R3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-25 08:32]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 13:33]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 18:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-09 21:32]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-05-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-07-09 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.redissue.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://global.acer.com/
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 23:03:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-24 23:06:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 22:06:26

Pre-Run: 1,826,652,160 bytes free
Post-Run: 1,775,828,992 bytes free

338 --- E O F --- 2008-08-13 21:44:05

Post #243471

RichieUK

Posted 8/24/2008 6:15 PM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,045, Visits: 54,734

Click on Start/Run,copy and paste ComboFix /u into the 'Open:' space,then press OK [see image below]
This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore.

Download Fixwareout from the link below:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it.
Click Next,then Install,make sure "Run fixit" is checked and click Finish.
The fix will begin,follow the prompts.
Your firewall may give an alert,(because this tool will download an additional file from the internet),please don't let your firewall block it,allow it instead.
Then you will be asked to reboot your computer,please do so.
Your system may take longer than usual to load,this is normal.
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.
Please Note:
Only do the following if you have connection problems after performing the above steps:
Go to Start>Control Panel,and choose 'Network Connections'.
Then right click on your default connection,usually 'Local Area Connection' or 'Dial-up Connection' if you are using Dial-up,then left click on 'Properties'.
Double-click on the 'Internet Protocol (TCP/IP)' item and select the radio button that says: 'Obtain DNS servers Automatically'.
Click OK twice,restart your computer.

Download unzip/extract and install the Avira AntiRootkit Tool:
http://free-av.com/en/tools/4/avira_antirootkit_tool.html
Launch the Avira AntiRootkit Tool,leave everything set as it is,then click on 'Start Scan'.
Once the scan has finished click on 'View report'.
Notepad will open showing the report.
Copy and paste the entire contents into your next reply.

Please run Kaspersky Online Scanner.

Note:
This free online virus scanner is very powerful and scans your machine very deeply,so it will certainly take some time to complete.
Note:
If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

* Click on the

button,then click the "Accept" button.

* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded,on the left side of the page in the "Scan" section select "My Computer".
* This will start the program and scan your system.
* The scan does not provide an option to clean/disinfect your system,i need to see the scan results.
* The scan will take quite a while, so be patient and let it run until its finished.
* Once the scan is complete, click on "View scan report" or "Scan Report".
* Then click on the "Save Report as" button,save the file to your desktop.
* Copy and paste the entire contents of that file into your next reply.

Also post a new Hijackthis log,let me know how your pc is running now.

________________________________________

ASAP & UNITE member since 2006

Post #243472

jswarb001

Posted 8/25/2008 4:17 AM

New Member

Group: Forum Members
Last Login: 7/19/2008 6:12 AM
Posts: 97, Visits: 235

Thanks for replying but I cant even log into my other pc now. It just keps beeping every time I turn it on. Maybe its the pc itself that is faulty. I will report baclk if I eventually get on.

Post #243478

RichieUK

Posted 8/25/2008 5:45 AM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,045, Visits: 54,734

It just keps beeping every time I turn it on.

Does the pc just beep,then restart.
Is it one beep or more then one.

Will it start up in Safe Mode.
Reboot your computer into SAFE MODE using the <