Can't get rid of with antivirus or adware programs

xFenGz

Member
I've tried many times getting rid of viruses and adware, but there are still popups telling me to scan and download their software. It's my dad's laptop, or else I'd just format it. I've got a HijackThis log and a ComboFix log. Can someone help me out please? Thanks!


Hijackthis

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\cssrss.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\~tmpd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\Acer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubxiangqi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5773B1C2-3821-4A4D-AC85-E16DDAA43774} - C:\WINDOWS\system32\iashlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Acer\LOCALS~1\Temp\a.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: msupd_0809_upd070554.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 

xFenGz

Member
Combofix


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Acer\Application Data\rhctw0j0egna
C:\Documents and Settings\Acer\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\update.exe
C:\WINDOWS\system32\atmpvcn.dll
C:\WINDOWS\system32\confms.dll
C:\WINDOWS\system32\cssrss.exe
C:\WINDOWS\system32\deskper.dll
C:\WINDOWS\system32\drivers\cjechbnj.dat
C:\WINDOWS\system32\drivers\cvsycbso.dat
C:\WINDOWS\system32\fsus.dll
C:\WINDOWS\system32\iashlp.dll
C:\WINDOWS\system32\iasna.dll
C:\WINDOWS\system32\ipxprom.dll
C:\WINDOWS\system32\ipxrtmg.dll
C:\WINDOWS\system32\jgdw40.dll
C:\WINDOWS\system32\jgpl40.dll
C:\WINDOWS\system32\kbdb.dll
C:\WINDOWS\system32\kdufq.exe
C:\WINDOWS\system32\lphcpw0j0egna.exe
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\q9YGfJ.syz
C:\WINDOWS\system32\t7waP1Ey.exe.a_a
C:\WINDOWS\Sysvxd.exe
C:\WINDOWS\Temp\log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XRGKKLFU
-------\Service_xrgkklfu


((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-20 15:13 . 2008-10-25 14:58 60,928 --a------ C:\WINDOWS\system32\t7waP1Ey.exe
2008-10-13 10:43 . 2008-10-13 10:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 01:30 73,728 ----a-w C:\WINDOWS\system32\CavEmLSP.dll
2008-08-15 01:30 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-15 01:30 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-08-15 01:30 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-15 01:30 216,576 ----a-w C:\WINDOWS\system32\monln.dll
2008-08-15 01:30 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2008-03-26 23:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-09-19 16:01 27 --sha-w C:\WINDOWS\system32\_nsi_.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{993E8D99-0799-4F96-8F4B-FFE26F9D7A4E}]
2004-08-04 05:00 91648 --a------ C:\WINDOWS\system32\iassvc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-08-14 110592]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
msupd_0809_upd070554.exe [2008-09-06 115200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
2008-08-14 17:30 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2007-02-18 109440]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [ ]
S3 geebers12;geebers12;C:\Documents and Settings\Acer\Desktop\blorbslayerengine\nvid888.sys [ ]
S3 saruen;saruen;C:\Documents and Settings\Acer\Desktop\ac\saruen.sys [ ]
S3 sejt1;sejt1;C:\Documents and Settings\Acer\Desktop\akuma hacks\sejt.sys [ ]
S3 xp1;xp1;C:\Documents and Settings\Acer\Desktop\xpengine\xp.sys [ ]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d3faeee-9336-11db-b2d1-0016ce32a369}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43ceffa-60ff-11dc-b392-0016ce32a369}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c19091d6-ea7c-11dc-b3f3-0016ce32a369}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
 

xFenGz

Member
Contents of the 'Scheduled Tasks' folder

2008-10-20 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-26 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-21 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-21 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-20 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-26 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-26 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-22 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-26 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At49.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At50.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-26 C:\WINDOWS\Tasks\At51.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At52.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At53.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At54.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At55.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At56.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At57.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At58.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At59.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At60.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At61.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At62.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At63.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At64.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At65.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At66.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-24 C:\WINDOWS\Tasks\At67.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-23 C:\WINDOWS\Tasks\At68.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-26 C:\WINDOWS\Tasks\At69.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At70.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At71.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]

2008-10-25 C:\WINDOWS\Tasks\At72.job
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\s8zh6rov.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 11:57:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\COMODO\COMMON\CAVASPY\CAVASM.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\COMODO\COMODO ANTIVIRUS\CAVSE.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\COMODO\COMODO ANTIVIRUS\CAVSE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
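
As an added example (not part of the original thread, and not from any of the tools named in it), here is a small Python triage script that applies the checks a responder would run over entries like the ones above: executables launched from the user's Temp directory, BHOs with no name or no backing file, a bare .exe dropped into Global Startup, Winlogon Notify packages outside an allowlist, Security Center and firewall overrides, AutoRun handlers on mounted drives, random mixed-case executable names in system32, and near-misses of Windows system process names (the `cssrss.exe` / `csrss.exe` trick). The sample input is a handful of lines excerpted from the two logs posted above; the Winlogon Notify allowlist (`igfxcui` only) and the system-process name list are assumptions made for the example, not something the thread states.

```python
import re

# Sample input for this added example: lines excerpted from the HijackThis and
# ComboFix logs posted in the thread, plus a few benign entries so the
# allowlists and the negative cases are exercised.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cssrss.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\~tmpd.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {5773B1C2-3821-4A4D-AC85-E16DDAA43774} - C:\WINDOWS\system32\iashlp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Acer\LOCALS~1\Temp\a.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: msupd_0809_upd070554.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\AutoRun\command - F:\ONSPCLCK.exe
- C:\WINDOWS\system32\t7waP1Ey.exe [2008-10-25 14:58]
""".strip().splitlines()

# Pattern rules: (rule name, compiled regex). Case-insensitive except the
# random-name heuristic, which relies on the name mixing upper and lower case.
RULES = [
    ("executable under user Temp",
     re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\[^\\]+\.exe", re.I)),
    ("BHO with no name or no backing file",
     re.compile(r"^O2 - BHO: .*\((no name|no file)\)", re.I)),
    ("bare .exe in Global Startup (not a .lnk)",
     re.compile(r"^O4 - Global Startup: [^=]*\.exe$", re.I)),
    ("Security Center / firewall override",
     re.compile(r'"(AntiVirusOverride|UpdatesDisableNotify)"=dword:00000001'
                r'|"EnableFirewall"= 0', re.I)),
    ("AutoRun handler registered for a mounted drive",
     re.compile(r"\\Shell\\AutoRun\\command", re.I)),
    # Name of 6-12 alphanumerics in system32 containing a digit, a lowercase
    # and an uppercase letter; the lookaheads stop at the '.' so the timestamp
    # that ComboFix appends cannot satisfy them.
    ("random-looking mixed-case executable name in system32",
     re.compile(r"\\(?i:system32)\\(?=[A-Za-z0-9]*\d)(?=[A-Za-z0-9]*[a-z])"
                r"(?=[A-Za-z0-9]*[A-Z])[A-Za-z0-9]{6,12}\.exe")),
]

# Assumption for this example: the Intel graphics package igfxcui is the only
# Winlogon Notify DLL expected on this machine; anything else is flagged.
KNOWN_NOTIFY = {"igfxcui"}
WINLOGON = re.compile(r"^O20 - Winlogon Notify: (\S+) - ", re.I)

# Windows process names that malware likes to imitate with a one-letter change.
SYSTEM_PROCS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}
EXE_TOKEN = re.compile(r'[^\s\\\[\]"]+\.exe', re.I)


def one_edit_away(a, b):
    """True when a single insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < len(a) and i < len(b) and a[i] == b[i]:
        i += 1
    # Skip the single differing position; the remaining tails must match.
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    if len(a) > len(b):
        return a[i + 1:] == b[i:]
    return a[i:] == b[i + 1:]


def triage(lines):
    """Return (rule, line) pairs for every log line that trips a rule."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for name, rx in RULES:
            if rx.search(line):
                hits.append((name, line))
        m = WINLOGON.match(line)
        if m and m.group(1).lower() not in KNOWN_NOTIFY:
            hits.append(("Winlogon Notify DLL outside allowlist", line))
        for exe in EXE_TOKEN.findall(line):
            exe = exe.lower()
            if exe not in SYSTEM_PROCS and any(
                    one_edit_away(exe, p) for p in SYSTEM_PROCS):
                hits.append(("near-miss of a Windows system process name", line))
    return hits


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Run against the full logs (`triage(open("hijackthis.log").read().splitlines())`), the script only narrows the list; every hit still needs a human decision, because a vendor tool can legitimately register a Winlogon Notify DLL or an unusual service, and a clean-looking name proves nothing on its own.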
 

Respital

Active Member
Hello:

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
 