Author Topic: Scan results hope you can help me.  (Read 1213 times)
chyporth
Topic Starter
Rookie
Posts: 25
« Reply #15 on: August 30, 2008, 07:28:26 PM »

Here's the scan; will put the hijack thing in the next post.


 ComboFix 08-08-30.01 - Jill 2008-08-31  2:14:36.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.149 [GMT 1:00]
Running from: C:\Documents and Settings\Jill\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-31  )))))))))))))))))))))))))))))))
.

2008-08-31 01:14 . 2008-08-31 01:14   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 01:14 . 2008-08-31 01:14   <DIR>   d--------   C:\Documents and Settings\Jill\Application Data\Malwarebytes
2008-08-31 01:14 . 2008-08-31 01:14   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 01:14 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 01:14 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 13:50 . 2008-08-30 13:50   <DIR>   d--------   C:\Documents and Settings\Jill\Application Data\PCToolsFirewallPlus
2008-08-30 13:47 . 2008-08-30 13:57   <DIR>   d--------   C:\Program Files\PC Tools Firewall Plus
2008-08-30 13:47 . 2008-08-30 13:47   <DIR>   d--------   C:\Program Files\Common Files\PC Tools
2008-08-30 13:47 . 2008-07-28 11:29   160,792   --a------   C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-30 13:47 . 2008-07-17 16:53   93,952   --a------   C:\WINDOWS\system32\drivers\pctfw.sys
2008-08-30 13:47 . 2008-08-05 15:58   58,136   --a------   C:\WINDOWS\system32\drivers\FWAuthdriver.sys
2008-08-30 12:34 . 2008-04-14 01:12   22,528   --a------   C:\WINDOWS\system32\wsock32.dlb
2008-08-30 12:33 . 2008-08-30 12:33   <DIR>   d--------   C:\Program Files\Comodo
2008-08-30 12:33 . 2008-08-30 12:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\BOC427
2008-08-30 12:33 . 2008-07-14 05:09   212,728   --a------   C:\WINDOWS\CMDLIC.DLL
2008-08-30 12:33 . 2008-07-14 05:09   205,560   --a------   C:\WINDOWS\UNBOC.EXE
2008-08-30 12:33 . 2008-08-31 02:09   9,309   --a------   C:\WINDOWS\BOC427.INI
2008-08-29 23:30 . 2008-08-30 09:16   <DIR>   d--------   C:\Documents and Settings\Jill\.housecall6.6
2008-08-28 21:19 . 2008-08-28 21:19   <DIR>   d--------   C:\Program Files\Alwil Software
2008-08-28 21:02 . 2008-08-28 21:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-17 21:11 . 2008-08-17 21:11   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-17 20:42 . 2008-08-17 18:52   262,144   --a------   C:\Program Files\Uninstall Spy Blocker.dll
2008-08-17 18:50 . 2008-08-17 18:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-17 18:50 . 2008-08-17 18:52   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
2008-08-17 18:49 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
2008-08-17 18:47 . 2008-08-17 19:13   <DIR>   d--------   C:\WINDOWS\Internet Logs
2008-08-14 08:07 . 2008-05-01 15:33   331,776   -----c---   C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 08:06 . 2008-04-11 20:04   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 00:48 . 2008-08-17 16:46   <DIR>   d--------   C:\Documents and Settings\Jill\Application Data\LimeWire
2008-08-11 00:47 . 2008-08-17 17:20   <DIR>   d--------   C:\Program Files\LimeWire
2008-08-03 22:04 . 2008-08-31 01:45   <DIR>   d--------   C:\Program Files\a-squared Free
2008-07-08 08:53 . 2008-07-08 08:53   <DIR>   d--------   C:\Program Files\Sun
2008-07-07 21:26 . 2008-07-07 21:26   253,952   -----c---   C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 14:14 . 2008-07-07 14:14   1,606   --a------   C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-07 13:54 . 2008-07-07 13:54   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-07-07 13:54 . 2008-07-07 13:54   <DIR>   d--------   C:\WINDOWS\system32\en
2008-07-07 13:54 . 2008-07-07 13:54   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-07 13:54 . 2008-07-07 13:54   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-07-07 13:50 . 2008-07-07 13:54   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-07-07 13:43 . 2008-07-07 13:43   <DIR>   d--------   C:\WINDOWS\EHome
2008-07-07 13:31 . 2008-04-14 01:12   4,274,816   ---------   C:\WINDOWS\system32\nv4_disp.dll
2008-07-07 13:30 . 2008-04-14 01:11   1,888,992   ---------   C:\WINDOWS\system32\ati3duag.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 23:42   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 19:40   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-30 12:55   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-08-25 18:20   ---------   d-----w   C:\Program Files\HP
2008-08-24 17:41   ---------   d-----w   C:\Program Files\Java
2008-08-24 16:11   38,488   ----a-w   C:\Documents and Settings\Jill\Application Data\wklnhst.dat
2008-08-17 17:57   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-08-17 17:57   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 15:20   ---------   d-----w   C:\Documents and Settings\Jill\Application Data\Canon
2008-08-08 10:26   ---------   d-----w   C:\Program Files\Google
2008-07-07 20:26   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-07-07 13:14   ---------   d-----w   C:\Program Files\MSN Messenger
2008-06-24 16:43   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-05-09 10:53   90,112   ----a-w   C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53   430,080   ----a-w   C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53   180,224   ----a-w   C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53   172,032   ----a-w   C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24   155,648   ----a-w   C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07   135,168   ----a-w   C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12   1,288,192   ----a-w   C:\WINDOWS\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 10:38 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" [2003-09-11 04:00 99840]
"DSLSTATEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe" [2004-05-27 12:07 1659050]
"DSLAGENTEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [2004-05-27 12:07 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-07-16 13:50 1409136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 19:24 77824]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 05:09 351480]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 15:58 2611096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-14 20:46:25 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-03-14 21:11:42 634880]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-20 21:51:49 962660]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-19 17:36:53 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-09-29 18:43:11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dllschannel.dlldigest.dllmsnss pc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-08-05 15:58]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2007-03-22 20:05]
S3 CoachVid;CoachVid;C:\WINDOWS\system32\DRIVERS\CoachVid.sys [2007-03-22 20:05]
S3 lredbooo;lredbooo;C:\DOCUME~1\Jill\LOCALS~1\Temp\lredbooo.sys []
S3 SiSCom;SISCom_Com;D:\Drivers\Display\WinXP_2K\utilDLL\SiSCom.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WantedGunsSetup.exe - C:\DOWNLO~1\WANTED~1.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\kn2oh0jn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.co.uk/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 02:20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-31  2:24:55
ComboFix-quarantined-files.txt  2008-08-31 01:24:39

Pre-Run: 13,710,651,392 bytes free
Post-Run: 13,720,997,888 bytes free

161   --- E O F ---   2008-08-14 23:38:38
chyporth
« Reply #16 on: August 30, 2008, 07:30:17 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:29:15, on 31/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164234819625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8285 bytes
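The replies in this thread review the HijackThis log by eye. As an added example, not code from the thread, from Computer Hope or from Trend Micro, the Python script below parses HijackThis entry lines (R0, O2, O4, O16, O23 and so on) into records, extracts the file path or URL each one points at, and applies a few first-pass review heuristics: startup shortcuts whose target could not be resolved (the `= ?` entries), binaries running from temporary or per-user directories, ActiveX controls downloaded from non-Microsoft hosts, and whatever browser start or search page is configured. The sample input is constructed from lines of the log above plus one made-up O4 entry under Local Settings\Temp to exercise the directory check; the heuristics, the trusted host list and the function names are my own assumptions, and a hit is a prompt to look closer, not a verdict.

```python
import re
from collections import Counter

# Constructed sample input: lines copied from the HijackThis log posted above,
# plus one made-up O4 entry (the "[demo]" line) pointing into a Temp directory.
# parse_hjt() accepts the full text of any HijackThis v2 log in the same format.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O4 - HKCU\..\Run: [demo] C:\Documents and Settings\Jill\Local Settings\Temp\demo.exe
"""

# "O4 - <rest>", "R0 - <rest>", ... ; everything else in the log is skipped.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")
# First Windows path ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx|cpl|scr))"?', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Directory fragments where an autostart or service binary rarely belongs
# (assumed heuristic; lower-cased substring match against the extracted path).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_hjt(text):
    """Turn HijackThis entry lines into dicts; non-entry lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        pm, um = PATH_RE.search(rest), URL_RE.search(rest)
        entries.append({
            "section": section,
            "raw": line.strip(),
            "path": pm.group("path") if pm else None,
            "url": um.group(0) if um else None,
            # O4 shortcut whose target HijackThis could not resolve.
            "unresolved": section == "O4" and rest.rstrip().endswith("= ?"),
        })
    return entries


def summarize(entries):
    """Count entries per HijackThis section code, e.g. {'O4': 4, 'O2': 1}."""
    return dict(Counter(e["section"] for e in entries))


def triage(entries, trusted_dpf_hosts=("microsoft.com",)):
    """First-pass review prompts as (section, reason, raw line) tuples.
    These are things to look at, not a malware verdict (assumed heuristics)."""
    findings = []
    for e in entries:
        sec, path = e["section"], e["path"]
        if e["unresolved"]:
            findings.append((sec, "startup shortcut whose target could not be resolved", e["raw"]))
        if path and any(d in path.lower() for d in SUSPECT_DIRS):
            findings.append((sec, "binary runs from a temporary or per-user directory", e["raw"]))
        if sec == "O16" and e["url"]:
            host = re.sub(r"^https?://", "", e["url"], flags=re.IGNORECASE).split("/")[0].lower()
            if not any(host == t or host.endswith("." + t) for t in trusted_dpf_hosts):
                findings.append((sec, "ActiveX control downloaded from " + host, e["raw"]))
        if sec in ("R0", "R1") and e["url"]:
            findings.append((sec, "browser start/search page set to " + e["url"], e["raw"]))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for section, reason, raw in triage(parsed):
        print(f"[{section}] {reason}\n    {raw}")
```

Running the file prints the per-section counts and the review prompts for the sample; to use it on a real log, replace `SAMPLE_LOG` with the contents of the saved hijackthis.log. The section codes and the `= ?` convention are HijackThis's own; everything the script decides to flag is a reviewer heuristic you should tune to the machine in front of you.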
evilfantasy
Malware Removal Specialist
Moderator
Genius
Thanked: 462
Posts: 11,769
Experience: Beginner
OS: Windows 7
Calm like a bomb
evilfantasy's blog
« Reply #17 on: August 30, 2008, 07:37:51 PM »

    Everything looks fine. It must be just some locked Windows files that Avast can't open to scan.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
chyporth
« Reply #18 on: August 30, 2008, 07:40:56 PM »

Phew, that's a relief. It did say it had moved several of the MyDoom things to the chest but 2 failed; maybe they went in later?

Anyway, as I said, it came up clean earlier today, so hopefully I am clean.

Will do what you said in your last post. Do I need to do anything else?

If not, can I thank you very much indeed for all your help, and as it's 3 in the morning where I am, wish you a very good night.
evilfantasy
« Reply #19 on: August 30, 2008, 07:43:21 PM »

Quote: "it did say it had moved several of the my doom things to the chest but 2 failed"

Might have been restore points.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next, go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
chyporth
« Reply #20 on: August 30, 2008, 07:54:34 PM »

OK, the last thing you told me to do is scanning now.

Just one thing, when I did this:

Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

I clicked on it and it didn't actually show as doing anything; was it just automatic?
evilfantasy
« Reply #21 on: August 30, 2008, 07:57:17 PM »

Maybe. You can make sure they are gone by toggling it off and then back on.

Turn OFF System Restore
  • On the Desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab.
  • Check Turn off System Restore
  • Click Apply, and then click OK

Restart your computer

Turn ON System Restore
  • On the Desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab.
  • UN-Check Turn off System Restore
  • Click Apply, and then click OK

System Restore will now be active again
chyporth
« Reply #22 on: August 30, 2008, 08:06:02 PM »

Did I need to do another restore point after turning restore back on?

Also, the inspector thing found lots of Java updates amongst lots of other things; do I need to update them all?
evilfantasy
« Reply #23 on: August 30, 2008, 08:08:11 PM »

It will create a restore point when you turn it back on.

For the Java, run this. It will remove all of the old versions and leave the new one there.

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for any outdated versions of Java and remove any that are found.
  • Exit JavaRa
  • Delete the JavaRa .zip, .exe and .html files from the Desktop
chyporth
« Reply #24 on: August 30, 2008, 08:09:29 PM »

OK, will work my way through the inspector thing tomorrow and then do the Java thing.

Am I OK now?

Can I go to bed?? xxx
evilfantasy
« Reply #25 on: August 30, 2008, 08:10:15 PM »

Good to go.
chyporth
« Reply #26 on: August 30, 2008, 08:11:32 PM »

You are a darling and thank you sooooo much.

Your patience and expertise appear endless.


Byeeeeeeeeeeeeeeeeee  xx
evilfantasy
« Reply #27 on: August 30, 2008, 08:12:29 PM »

No problem.

Safe surfing...