0

Hi everyone,

I am new here and I have been trying to fix this on my own for a week now... I am not very experienced, however I've read through some previous threads and tried a few things based on previous advice to other unlucky people with the same symptoms... After I lose the desktop I work from the Task Manager by hitting Ctrl-Alt_delete. I have tried several anti viruses, antispyware, etc. I have even tried to reinstall (repair) Windows XP Pro. Same problem... I am going to post the HighJackThis and ComboFix logs for now and hope to get some to fix my problem... I really don't want and hope I won't have to install XP fresh...

BTW, ComboFix has worked, at least partially since this is the first time in a week that my desktop did not crash right away upon Windows loading.... right after loading to the desktop after the ComboFix's fix some program tried to access the Internet via the Internet Explorer several times but Spyware Doctor caught it and here is the report:
2008-07-01 13:54:45:546
OnGuard: System Event Blocked
Threat Name - Trojan-PWS.Bancos
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\COMBOFIX\PV.CFEXE


And the rest of it:


2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, combofix_wow
2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, Runs
2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, snapshot
2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Driver
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, ActiveService
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
2008-07-01 14:04:37:187
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1644491937-1637723038-725345543-500\Software\Wget
2008-07-01 14:07:11:906
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 190228
Threats Detected - 2
Infections Detected - 19
Infections Ignored - 0
2008-07-01 14:08:33:203
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1644491937-1637723038-725345543-500\Software\Wget
2008-07-01 14:08:33:390
Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1644491937-1637723038-725345543-500\Software\Wget2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, combofix_wow
2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, Runs
2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, snapshot
2008-07-01 14:04:35:203
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
2008-07-01 14:04:35:250
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Driver
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, ActiveService
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
2008-07-01 14:04:35:265
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
2008-07-01 14:04:37:187
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1644491937-1637723038-725345543-500\Software\Wget
2008-07-01 14:07:11:906
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 190228
Threats Detected - 2
Infections Detected - 19
Infections Ignored - 0
2008-07-01 14:08:33:203
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1644491937-1637723038-725345543-500\Software\Wget
2008-07-01 14:08:33:390
Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1644491937-1637723038-725345543-500\Software\Wget


Here are the the ComboFix and HighJackThis logs:


ComboFix 08-06-30.2 - Administrator 2008-07-01 13:44:01.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.764 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\inst.exe
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\2GT9G4NC\iforex.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\mlJYonKc.dll
C:\WINDOWS\system32\nifdlukeceu.dll
C:\WINDOWS\system32\OrsCKRqr.ini
C:\WINDOWS\system32\OrsCKRqr.ini2
C:\WINDOWS\system32\rqRKCsrO.dll
C:\WINDOWS\system32\spywarewarning.mht
C:\WINDOWS\system32\spywarewarning2.mht

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 12:10 . 2008-07-01 12:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-01 12:05 . 2008-07-01 12:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-01 12:04 . 2008-07-01 12:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 11:29 . 2008-07-01 11:29 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-01 11:21 . 2004-08-12 07:20 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-01 11:20 . 2004-08-12 07:20 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-07-01 11:19 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-01 11:17 . 2004-08-12 07:20 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-01 11:17 . 2008-07-01 11:17 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-01 11:17 . 2008-07-01 11:17 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-01 11:17 . 2008-07-01 11:17 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-01 11:17 . 2008-07-01 11:17 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-01 11:17 . 2008-07-01 11:17 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-01 11:17 . 2008-07-01 11:17 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-30 20:07 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-06-30 15:40 . 2008-06-30 15:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-30 15:06 . 2008-06-30 15:06 <DIR> d-------- C:\Program Files\Avira
2008-06-30 15:06 . 2008-06-30 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-30 13:25 . 2008-06-30 13:25 8,415 --a------ C:\WINDOWS\system32\iifgHBqr.dll
2008-06-30 11:40 . 2008-06-30 20:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IObit
2008-06-30 10:00 . 2008-06-30 10:00 8,415 --a------ C:\WINDOWS\system32\geBsrSIy.dll
2008-06-29 19:31 . 2008-06-30 09:44 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-29 16:24 . 2008-06-29 16:24 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-29 14:10 . 2008-06-29 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-29 13:34 . 2008-06-29 14:38 1,654 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 12:36 . 2008-07-01 09:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-29 12:36 . 2008-06-29 12:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-29 12:36 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-29 12:36 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-29 12:36 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-29 12:36 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-29 12:32 . 2008-06-29 20:02 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-29 12:28 . 2008-06-29 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-29 11:19 . 2008-06-30 00:03 345 --ahs---- C:\WINDOWS\system32\XEgiQqss.ini
2008-06-28 22:11 . 2008-06-28 22:11 64,179 --a------ C:\WINDOWS\system32\ugjrfxskdvql.exe
2008-06-28 22:05 . 2008-06-28 22:05 8,415 --a------ C:\WINDOWS\system32\nnnllJBS.dll
2008-06-28 22:01 . 2004-08-12 07:17 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-28 14:03 . 2008-06-28 14:03 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-06-28 09:10 . 2008-06-28 22:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-25 20:43 . 2008-06-25 20:43 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-25 20:42 . 2008-06-25 20:42 <DIR> d-------- C:\Program Files\Windows Live
2008-06-25 20:42 . 2008-06-25 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-20 10:30 . 2008-06-20 10:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LowRateVoip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-01 02:07 --------- d-----w C:\Program Files\IObit
2008-07-01 01:52 --------- d-----w C:\Program Files\AusLogics Registry Defrag
2008-07-01 01:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-06-30 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-06-30 17:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-30 06:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-06-29 20:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-29 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 19:31 --------- d-----w C:\Program Files\Picasa2
2008-06-29 18:29 --------- d-----w C:\Program Files\Google
2008-06-29 03:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GARMIN
2008-06-28 02:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
2008-06-24 20:50 --------- d-----w C:\Program Files\WinTV
2008-06-23 15:32 --------- d-----w C:\Program Files\American Airlines DealFinder
2008-06-13 23:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-06-13 22:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-05-30 16:55 --------- d-----w C:\Program Files\Yahoo!
2008-05-27 15:52 --------- d-----w C:\Program Files\ScottradeELITE
2008-05-26 19:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MotionBased
2008-05-26 19:24 --------- d-----w C:\Program Files\MotionBased
2008-05-21 23:48 --------- d-----w C:\Program Files\Dvd-cloner
2008-05-20 14:32 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 14:30 --------- d-----w C:\Program Files\RadioXpi
2008-05-15 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-01-22 21:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 22:48 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2007-09-21 21:19 81,920 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 07:18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 16:16 49152 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MidiDef.Exe" [2002-12-03 16:16 49152 C:\WINDOWS\MIDIDEF.EXE]
"DefaultP17"="P17Def.Exe" [2003-07-25 07:25 20480 C:\WINDOWS\P17DEF.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3]
--a------ 2008-06-22 11:31 2001784 C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-15 17:19 79224 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--a------ 2006-10-19 20:44 20480 C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--a------ 2006-05-31 17:00 143360 C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-12 07:18 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
--a------ 2006-09-06 10:05 1891416 C:\Garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
--a------ 2003-07-07 10:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 16:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-10 22:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
--a------ 2006-09-07 02:01 32768 C:\WINDOWS\V0230Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 08:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwemMON]
-ra------ 2007-03-29 15:22 61440 C:\WINDOWS\hcwemMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2004-06-10 10:51 60928 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
--a------ 2004-08-12 07:29 67584 C:\WINDOWS\system32\srclient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare"=2 (0x2)
"gusvc"=2 (0x2)
"spkrmon"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 17:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 17:16]
R2 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 14:22]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
R3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 19:20]
R3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 19:19]
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-11-20 02:02]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S3 VF0230Srv;Creative VF0230 RunApp Service;C:\WINDOWS\system32\V0230Srv.exe [2006-03-15 11:00]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 15:50]
S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 15:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 02:32:03 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-06-29 18:32:59 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-IEUpdate - C:\WINDOWS\system32\12520437z.exe
HKU-Default-RunServices-IEUpdate - C:\WINDOWS\system32\12520437z.exe
MSConfigStartUp-LowRateVoip - C:\Program Files\LowRateVoip\LowRateVoip.exe
MSConfigStartUp-{3b514bec-13a7-6f22-c819-deeba3fe22e2} - C:\WINDOWS\system32\nifdlukeceu.dll
MSConfigStartUp-= - (no file)
MSConfigStartUp-American Airlines DealFinder - (no file)
MSConfigStartUp-dvd43 - (no file)
MSConfigStartUp-Google Desktop Search - (no file)
MSConfigStartUp-IJNetworkScanUtility - (no file)
MSConfigStartUp-pccguide - (no file)
MSConfigStartUp-RadioPlanet - (no file)
MSConfigStartUp-RoxioDragToDisc - (no file)
MSConfigStartUp-RoxWatchTray - (no file)
MSConfigStartUp-TVPlanet - (no file)
MSConfigStartUp-UpdateManager - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 13:48:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-07-01 13:59:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 19:54:34

Pre-Run: 122,802,683,904 bytes free
Post-Run: 122,705,252,352 bytes free

281 --- E O F --- 2008-06-20 18:00:30


and


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:41, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spyware Doctor\pctsGui.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Creative VF0230 RunApp Service (VF0230Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\V0230Srv.exe

--
End of file - 8461 bytes

I apologise for the long message, I thought it would be better to give you everything I have from the start.

Thank you very, very much!!!

Best regards,
Adrian

3
Contributors
3
Replies
4
Views
9 Years
Discussion Span
Last Post by ganesh2280
0

Hello,

Just wanted to let you know I was able to fix the problem (I hope). The thing that finally helped me get rid of the pests was Malwarebytes' Anti-malware. Previously the ComboFix did just enough to give my PC the ability to "fight back". For the benefit of the forum and future references here is what Malwarebytes did:

Malwarebytes' Anti-Malware 1.19
Database version: 912
Windows 5.1.2600 Service Pack 2

4:45:11 PM 7/1/2008
mbam-log-7-1-2008 (16-45-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 126790
Time elapsed: 55 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (C:\WINDOWS\system32\spywarewarning.mht) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geBsrSIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnllJBS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgHBqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Thank you and good luck everyone!
Adrian

0

I was having the same problem, and after trying avg free, and superantispybot, i was ready to give up but Malware worked for me too.

0

Guess your system has been damaged. If data is not important the best workaround is to format the system and then go for a fresh install of the Operating system.

The other alternate would be to use the best antivirus,spyware,malware removal programs respectively.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.