Major Problems

pip1011261

New Member
Infected computer. It is my friend's computer. Cannot open HJT. Cannot update Windows. Many websites aren't opening, popups a lot.

Specs: 256MB RAM
Windows Service Pack 1
Computer: Dell 2.5GHz

Should I try running ComboFix?

I have no idea what worms or trojans may be present. Screen flicks on/off regularly. Seems a dodgy Windows Update centre is on and can't remove fully. Can't update Windows from Microsoft as ActiveX isn't working. I tried enabling all ActiveX settings and still not allowing. Red circle with white X in toolbar also.

Trouble posting here also.

I just noticed multiple IEXPLORE.EXE running; I end process but they auto reload even though I haven't touched anything.

Any help please.
 

pip1011261

New Member
OK, the 2 extra IEXPLORE.EXE processes that run, I end them... they open as:

fmideploy.exe and flsmontr.exe then they both convert to IEXPLORE.EXE
 

pip1011261

New Member
OK, finally got Avast to load and work and can now open HJT, so here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:53 PM, on 17/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\aspimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\WINDOWS\System32\XCSyncML.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AOL 7.0a\aoltray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telstra.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\System32\XCSyncML.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Microsoft Task Scheduler] C:\WINDOWS\System32\dlha\mstask32.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Task Scheduler] C:\WINDOWS\System32\dlha\mstask32.com
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\cru629.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5707 bytes
 

cohen

New Member
Download and run ComboFix please, and then post the ComboFix log and a new HijackThis log.

Thanks.

P.S. - Would post the code, but at school :p.
 

pip1011261

New Member
ComboFix log:

ComboFix 08-07-15.4 - michael stevic 2008-07-17 14:20:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.99 [GMT 10:00]
Running from: C:\Documents and Settings\michael stevic\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Program Files\AntiMalwareGuard
C:\Program Files\System Doctor Free
C:\Program Files\System Doctor Free\st.dat
C:\WINDOWS\braviax.exe
C:\WINDOWS\g32.txt
C:\WINDOWS\s32.txt
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\2search.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\dlha\mstask32.com
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\ws386.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR


((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 11:59 . 2008-07-17 11:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-17 11:09 . 2008-07-17 11:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-17 10:14 . 2008-07-17 10:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 09:58 . 2008-07-17 09:58 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 17:30 . 2008-07-10 17:30 15,676 --a------ C:\Program Files\Common Files\jinoro.bin
2008-07-03 13:21 . 2008-07-03 13:21 17,229 --a------ C:\Documents and Settings\michael stevic\Application Data\temexu.sys
2008-06-23 11:08 . 2008-06-23 11:08 19,177 --a------ C:\WINDOWS\ojuji.vbs
2008-06-23 11:08 . 2008-06-23 11:08 18,692 --a------ C:\Program Files\Common Files\jerifilebu.scr
2008-06-23 11:08 . 2008-06-23 11:08 17,839 --a------ C:\WINDOWS\hikonov.ban
2008-06-23 11:08 . 2008-06-23 11:08 17,262 --a------ C:\WINDOWS\SYSTEM32\iwic.bin
2008-06-23 11:08 . 2008-06-23 11:08 16,241 --a------ C:\WINDOWS\SYSTEM32\yhofyvi.pif
2008-06-23 11:08 . 2008-06-23 11:08 15,558 --a------ C:\WINDOWS\lijavara.com
2008-06-23 11:08 . 2008-06-23 11:08 14,475 --a------ C:\Documents and Settings\All Users\Application Data\xywusyzu.scr
2008-06-23 11:08 . 2008-06-23 11:08 14,342 --a------ C:\WINDOWS\iqiw.exe
2008-06-23 11:08 . 2008-06-23 11:08 13,904 --a------ C:\Program Files\Common Files\nakac.reg
2008-06-23 11:08 . 2008-06-23 11:08 12,312 --a------ C:\WINDOWS\jepetahebu.inf
2008-06-23 11:08 . 2008-06-23 11:08 10,692 --a------ C:\WINDOWS\obelaw.dl
2008-06-23 11:08 . 2008-06-23 11:08 10,581 --a------ C:\Documents and Settings\michael stevic\Application Data\aqylufa.bat
2008-06-23 11:08 . 2008-06-23 11:08 10,137 --a------ C:\WINDOWS\terohulun.exe
2008-06-23 11:07 . 2008-06-23 11:07 19,061 --a------ C:\WINDOWS\zyte.db
2008-06-23 11:07 . 2008-06-23 11:07 16,687 --a------ C:\WINDOWS\sigiky.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 02:48 --------- d-----w C:\Program Files\WebSiteViewer
2008-07-17 02:41 --------- d-----w C:\Program Files\2search.old
2008-06-24 03:56 --------- d-----w C:\Program Files\LimeWire
2008-06-24 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\System Doctor Free
2008-05-23 08:05 --------- d-----w C:\Program Files\AOL 7.0a
2006-11-07 06:32 35,072 ----a-w C:\Documents and Settings\michael stevic\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2003-07-17 06:47 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\SYSTEM32\svchost.exe
2003-07-17 06:47 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe

2003-07-17 06:49 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\SYSTEM32\user32.dll
2003-07-17 06:49 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll

2003-07-17 06:53 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\SYSTEM32\ws2_32.dll
2003-07-17 06:53 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\SYSTEM32\DLLCACHE\ws2_32.dll

2003-07-17 06:51 599040 f3587750a7481dccbea13d473a0700be C:\WINDOWS\SYSTEM32\wininet.dll
2003-07-17 06:51 599040 f3587750a7481dccbea13d473a0700be C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll

2003-07-17 06:47 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2003-07-17 06:47 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys

2003-07-17 06:51 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\SYSTEM32\winlogon.exe
2003-07-17 06:51 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe

2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys

2003-07-17 06:46 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe

2003-07-17 06:39 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\SYSTEM32\ntoskrnl.exe

2003-07-17 06:28 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\explorer.exe
2003-07-17 06:28 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe

2003-07-17 06:44 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\SYSTEM32\services.exe
2003-07-17 06:44 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe

2003-07-17 06:32 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\SYSTEM32\lsass.exe
2003-07-17 06:32 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\SYSTEM32\DLLCACHE\lsass.exe

2003-07-17 06:26 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\SYSTEM32\ctfmon.exe
2003-07-17 06:26 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe

2003-07-17 06:46 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\SYSTEM32\spoolsv.exe
2003-07-17 06:46 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\SYSTEM32\DLLCACHE\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-04 14:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-25 10:38 155648]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-17 06:23 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-17 06:23 455168]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-07-17 06:22 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2002-08-29 07:00 208953]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 13:55 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 13:51 118784]
"{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}"="C:\program files\Telstra\Signup\tbpt.exe" [2000-10-20 23:06 81920]
"XCSyncML"="C:\WINDOWS\System32\XCSyncML.exe" [2005-07-14 10:07 135168]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 18:03 278528]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 21:32 53248]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-01 12:52 366400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2003-07-17 06:37 51200 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0a\aoltray.exe [2004-08-04 14:17:44 32839]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lLh$vùõš/‚²ÆßfÏNbC:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lLh$vùõš/‚²ÆßfÏNbC:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lLh$vùõš/‚²ÆßfÏNbC:\Program Files\ISTsvc

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"=
"<NO NAME>"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 09:20]
S3 flatbus;NEC WMC USB_BK1 Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\flatbus.sys [2005-07-07 14:39]
S3 flatmdfl;NEC WMC USB_BK1 Modem Filter;C:\WINDOWS\System32\DRIVERS\flatmdfl.sys [2005-07-07 14:39]
S3 flatmdm;NEC WMC USB_BK1 Modem Drivers;C:\WINDOWS\System32\DRIVERS\flatmdm.sys [2005-07-07 14:39]
S3 flatobex;NEC WMC USB_BK1 OBEX Interface Drivers (WDM);C:\WINDOWS\System32\DRIVERS\flatobex.sys [2005-07-07 14:39]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\System32\DRIVERS\HSFHWCD2.sys [2002-03-14 20:47]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Webcam Enhance V2.1]
C:\WINDOWS\runtfs32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 10:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Task Scheduler - C:\WINDOWS\System32\dlha\mstask32.com
HKLM-Run-Microsoft Task Scheduler - C:\WINDOWS\System32\dlha\mstask32.com
MSConfigStartUp-istsvc - C:\WINDOWS\joigj.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 14:25:01
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-07-17 14:30:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 04:30:22

Pre-Run: 27,165,372,416 bytes free
Post-Run: 27,149,295,616 bytes free

169

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:50 PM, on 17/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\WINDOWS\System32\XCSyncML.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 7.0a\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\System32\XCSyncML.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5347 bytes

Can I also delete the virus vault for Avast? There are over 500 threats in there from the scan.
 

G25r8cer

Active Member
^^ To answer you, YES. I would also recommend dumping Avast as it is a system hog. I recommend AVG, Nod32, or Kasp.
 

pip1011261

New Member
I'm changing to AVG if I can get the system to update to SP2 (AVG won't run on SP1), but I will wait until I hear back from my above logs.
 

pip1011261

New Member
Good... I don't have popups or messages telling me to buy anticrap.

Should I also clear restore points as well now?
 

G25r8cer

Active Member
Yes, clear the restore points. It will free up your HDD. You should also download, install, and run CCleaner. That will free more space.
 