explorer.exe problem [RESOLVED], explorer.exe keeps opening and closing itself
Nicdez
post Nov 4 2007, 07:54 PM
Post #1


Member
Posts: 46
From: Palm Beach County, FL
OS: Windows XP Pro





Hello, long time no computer problems, but finally it has happened. This time it is pretty bad. My explorer.exe keeps opening for 10 seconds, then closes itself, opens again 10 seconds later, only to repeat over and over again. I have been trying to fix it for 4 days, scanning everything over and over again with different software. Now I give up. I am running Windows XP Media Center Edition. I have scanned using Avast!, S&D, Ad-Aware, SUPERAntiSpyware, VirtumundoBeGone, SmitfraudFix, CWShredder, and it is still happening. I am posting my HJT log, SmitFraudFix log and my VirtumundoBeGone v1.5 log. If you need anything else, just ask; I will be looking for a response.
Thank you, Nicdez



=========================================================================

Logfile of HijackThis v1.99.1
Scan saved at 3:50:23 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [LocalCooling] "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EC21] C:\Program Files\EC21Messenger\EZQ.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Ujp] "C:\Program Files\?ystem32\r?gedit.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Ealb] "C:\PROGRA~1\COMMON~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

======================================================================




SmitFraudFix v2.248

Scan done at 16:15:21.78, Sun 11/04/2007
Run from C:\Documents and Settings\Owner.YOUR-588B4A13EA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E39C2FD4-6DBB-4EF5-99D0-1FB4E6064AAD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E39C2FD4-6DBB-4EF5-99D0-1FB4E6064AAD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E39C2FD4-6DBB-4EF5-99D0-1FB4E6064AAD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

=========================================================================



SUPERAntiSpyware Scan Log
Generated 11/04/2007 at 02:22 PM

Application Version : 3.6.1000

Core Rules Database Version : 3337
Trace Rules Database Version: 1338

Scan type : Complete Scan
Total Scan Time : 01:06:40

Memory items scanned : 462
Memory threats detected : 2
Registry items scanned : 6596
Registry threats detected : 5
File items scanned : 70992
File threats detected : 7

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\SSTTR.DLL
C:\WINDOWS\SYSTEM32\SSTTR.DLL

Adware.ClickSpring/Resident
C:\PROGRA~1\YSTEM3~1\RGEDIT~1.EXE
C:\PROGRA~1\YSTEM3~1\RGEDIT~1.EXE

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{9D8BE667-E4D1-4F16-9E77-95D9B7433E9E}
HKCR\CLSID\{9D8BE667-E4D1-4F16-9E77-95D9B7433E9E}
HKCR\CLSID\{9D8BE667-E4D1-4F16-9E77-95D9B7433E9E}\InprocServer32
HKCR\CLSID\{9D8BE667-E4D1-4F16-9E77-95D9B7433E9E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D8BE667-E4D1-4F16-9E77-95D9B7433E9E}

Adware.ClickSpring
C:\Program Files\YSTEM3~1\RGEDIT~1.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\RTTSS.BAK1
C:\WINDOWS\SYSTEM32\RTTSS.INI
C:\WINDOWS\SYSTEM32\RTTSS.INI2

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSCPICOMSV32.EXE

==========================================================================




[11/04/2007, 15:43:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner.YOUR-588B4A13EA\Desktop\VirtumundoBeGone.exe" )
[11/04/2007, 15:43:59] - Detected System Information:
[11/04/2007, 15:43:59] - Windows Version: 5.1.2600, Service Pack 2
[11/04/2007, 15:44:00] - Current Username: Owner (Admin)
[11/04/2007, 15:44:00] - Windows is in NORMAL mode.
[11/04/2007, 15:44:00] - Searching for Browser Helper Objects:
[11/04/2007, 15:44:00] - BHO 1: {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} ()
[11/04/2007, 15:44:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/04/2007, 15:44:00] - Checking for HKLM\...\Winlogon\Notify\ddcbaxw
[11/04/2007, 15:44:00] - Found: HKLM\...\Winlogon\Notify\ddcbaxw - This is probably Virtumundo.
[11/04/2007, 15:44:00] - Assigning {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} MSEvents Object
[11/04/2007, 15:44:00] - BHO list has been changed! Starting over...
[11/04/2007, 15:44:00] - BHO 1: {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} (MSEvents Object)
[11/04/2007, 15:44:00] - ALERT: Found MSEvents Object!
[11/04/2007, 15:44:00] - BHO 2: {897637ED-AD5E-4FF2-BF70-99C24D79D861} ()
[11/04/2007, 15:44:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/04/2007, 15:44:00] - Checking for HKLM\...\Winlogon\Notify\ssttq
[11/04/2007, 15:44:00] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
[11/04/2007, 15:44:00] - Finished Searching Browser Helper Objects
[11/04/2007, 15:44:00] - *** Detected MSEvents Object
[11/04/2007, 15:44:00] - Trying to remove MSEvents Object...
[11/04/2007, 15:44:01] - Terminating Process: IEXPLORE.EXE
[11/04/2007, 15:44:01] - Terminating Process: RUNDLL32.EXE
[11/04/2007, 15:44:02] - Disabling Automatic Shell Restart
[11/04/2007, 15:44:02] - Terminating Process: EXPLORER.EXE
[11/04/2007, 15:44:02] - Suspending the NT Session Manager System Service
[11/04/2007, 15:44:02] - Terminating Windows NT Logon/Logoff Manager
[11/04/2007, 15:44:02] - Re-enabling Automatic Shell Restart
[11/04/2007, 15:44:02] - File to disable: C:\WINDOWS\system32\ddcbaxw.dll
[11/04/2007, 15:44:02] - Renaming C:\WINDOWS\system32\ddcbaxw.dll -> C:\WINDOWS\system32\ddcbaxw.dll.vir
[11/04/2007, 15:44:02] - File successfully renamed!
[11/04/2007, 15:44:02] - Removing HKLM\...\Browser Helper Objects\{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}
[11/04/2007, 15:44:02] - Removing HKCR\CLSID\{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}
[11/04/2007, 15:44:02] - Adding Kill Bit for ActiveX for GUID: {1F5F0160-20D8-4C4F-AF4C-02AD925015CD}
[11/04/2007, 15:44:02] - Deleting ATLEvents/MSEvents Registry entries
[11/04/2007, 15:44:03] - Removing HKLM\...\Winlogon\Notify\ddcbaxw
[11/04/2007, 15:44:03] - Searching for Browser Helper Objects:
[11/04/2007, 15:44:03] - BHO 1: {897637ED-AD5E-4FF2-BF70-99C24D79D861} ()
[11/04/2007, 15:44:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/04/2007, 15:44:03] - Checking for HKLM\...\Winlogon\Notify\ssttq
[11/04/2007, 15:44:03] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
[11/04/2007, 15:44:03] - Finished Searching Browser Helper Objects
[11/04/2007, 15:44:03] - Finishing up...
[11/04/2007, 15:44:03] - A restart is needed.
[11/04/2007, 15:44:03] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/04/2007, 15:44:16] - Attempting to Restart via STOP error (Blue Screen!)


=========================================================

PS: I also tried running sfc /scannow; it fixed my Device Manager, scandisk, and other stuff that had broken, but not explorer.exe.

This post has been edited by Nicdez: Nov 4 2007, 07:57 PM
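One way to triage lines like the `[Ujp]` and `[Ealb]` entries in the HijackThis log above, as an added Python example that is not part of this thread and not code from HijackThis or any of the tools named here: it parses O4 autostart lines, flags paths containing characters that cannot occur in a Windows file name (the `?` in `?ystem32`, which is what the log shows where the real character could not be printed, plus any non-ASCII character), and flags path components that exactly or nearly match well-known system names (`system32`, `regedit.exe`, the ATI helper `ati2evxx.exe`) when they sit outside the Windows directory, which is the pattern the SUPERAntiSpyware log above reports as Adware.ClickSpring. The sample lines are copied from the log in this post; the list of system names and the one-character tolerance are assumptions of the example.

```python
import re

# Constructed sample input: HijackThis "O4" autostart lines in the same format as the
# logs in this thread (two benign entries, two suspicious ones, one with no real path).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Ujp] "C:\Program Files\?ystem32\r?gedit.exe"
O4 - HKCU\..\Run: [Ealb] "C:\PROGRA~1\COMMON~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
"""

# Assumed list of names that legitimately live under the Windows directory. A copy or
# near-copy of one of these anywhere else is the lookalike trick seen in the log.
SYSTEM_NAMES = {
    "system32", "regedit.exe", "explorer.exe", "svchost.exe", "rundll32.exe",
    "ctfmon.exe", "lsass.exe", "winlogon.exe", "ati2evxx.exe",
}
# Characters that can never appear in a Windows file name. Seeing one in a logged path
# means the log substituted it for a character it could not render.
ILLEGAL_CHARS = set('<>?*|')

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')


def extract_path(cmd):
    """Return the executable path from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.(?:exe|dll|sys|scr|bat|cmd))(?:\s|$)', cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def under_windows_dir(path):
    p = path.lower().replace('/', '\\')
    return p.startswith(('c:\\windows\\', '%windir%\\', '%systemroot%\\'))


def triage_o4_line(line):
    """Parse one O4 line; return {name, path, reasons} or None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, path = m.group('name'), extract_path(m.group('cmd'))
    reasons = []
    bad = sorted({c for c in path if c in ILLEGAL_CHARS or ord(c) > 127})
    if bad:
        reasons.append(f"path contains characters illegal in a file name: {''.join(bad)}")
    if not under_windows_dir(path):
        # Compare every directory component and the file name against the system names.
        for part in path.split('\\'):
            lp = part.lower()
            for sysname in sorted(SYSTEM_NAMES):
                d = edit_distance(lp, sysname)
                if d == 0:
                    reasons.append(f"system name '{part}' used outside the Windows directory")
                elif d == 1:
                    reasons.append(f"'{part}' is one character away from '{sysname}'")
    return {"name": name, "path": path, "reasons": reasons}


def triage_log(text):
    """Return only the O4 entries that triggered at least one reason, in log order."""
    findings = []
    for line in text.splitlines():
        r = triage_o4_line(line)
        if r and r["reasons"]:
            findings.append(r)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['name']}] {f['path']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

Run against the sample, only `Ujp` and `Ealb` are reported: the first for the illegal `?` and for both `?ystem32` and `r?gedit.exe` being one character from a system name, the second because `ati2evxx.exe` belongs under the Windows directory and here runs from a short-named folder under Common Files. The heuristic is deliberately narrow; it is a first pass to decide which entries deserve a closer look, not a verdict.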
Replies (1 - 8)
JSntgRvr
post Nov 7 2007, 04:31 PM
Post #2


Global Moderator
Posts: 7,811
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, bonnieboo109

Welcome to Geeks to go.

Look in your control panel add/remove programs for the following:

outerinfo
AskTBar
ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator


If present, click on the entry and click remove.

Download and run the Purityscan uninstaller from Here

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Nicdez
post Nov 7 2007, 06:56 PM
Post #3


Member
Posts: 46
From: Palm Beach County, FL
OS: Windows XP Pro



Explorer.exe is working now. I had none of the programs listed in my Add/Remove list. Thank you so much; here are my logs.

ComboFix 07-11-08.1 - Owner 2007-11-07 19:34:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.124 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.YOUR-588B4A13EA\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ystem3~1
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\ssttq.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\sfsync02
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-07 19:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 11:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-04 16:00 4,700 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-04 15:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-04 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-04 12:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-04 12:57 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\SUPERAntiSpyware.com
2007-10-31 13:14 <DIR> d-------- C:\Program Files\RegCure
2007-10-30 00:01 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-10-29 23:41 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\TrojanHunter
2007-10-29 23:39 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-29 23:25 <DIR> d-------- C:\VundoFix Backups
2007-10-29 23:01 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-29 20:57 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-29 20:57 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-29 20:57 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-29 20:57 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-29 20:57 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-29 20:57 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-29 20:57 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-29 20:57 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-29 20:46 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2007-10-29 20:46 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2007-10-29 20:46 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2007-10-29 20:46 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2007-10-29 20:46 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2007-10-29 20:46 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2007-10-29 20:46 4,096 --a--c--- C:\WINDOWS\system32\dllcache\rpcref.dll
2007-10-29 20:46 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2007-10-29 20:36 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2007-10-29 20:36 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2007-10-29 20:36 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe
2007-10-29 20:36 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2007-10-29 19:12 24,618 --a--c--- C:\WINDOWS\system32\dllcache\fa410nd5.sys
2007-10-29 19:12 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2007-10-29 19:12 14,336 --a--c--- C:\WINDOWS\system32\dllcache\exstrace.dll
2007-10-29 19:12 12,362 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2007-10-29 19:12 11,850 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2007-10-29 19:12 7,040 --a--c--- C:\WINDOWS\system32\dllcache\exabyte2.sys
2007-10-29 19:06 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2007-10-29 19:04 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-10-29 19:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2007-10-29 19:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2007-10-29 19:00 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2007-10-29 19:00 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2007-10-29 19:00 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2007-10-29 19:00 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2007-10-29 09:30 378,684 --ahs---- C:\WINDOWS\system32\rttss.bak2
2007-10-28 10:19 32,256 --a------ C:\WINDOWS\system32\ddcbaxw.dll.vir
2007-10-25 10:14 43,520 --a------ C:\WINDOWS\system32\libusb0.dll
2007-10-25 10:14 28,672 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2007-10-25 09:54 <DIR> d-------- C:\lt
2007-10-17 23:40 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-10-17 23:40 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\ArcSoft
2007-10-17 23:40 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-10-14 19:01 <DIR> d-------- C:\Program Files\GameSpy Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 00:47 --------- d-----w C:\Program Files\TrueAssistant
2007-11-07 02:20 --------- d-----w C:\Program Files\SpeedFan
2007-11-06 21:25 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\OpenOffice.org2
2007-11-04 20:00 --------- d-----w C:\Program Files\LocalCooling
2007-11-04 19:53 --------- d-----w C:\Program Files\Java
2007-11-04 19:46 --------- d-----w C:\Program Files\BOINC
2007-11-04 18:55 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-04 17:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-03 05:46 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Azureus
2007-10-30 04:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 03:14 --------- d-----w C:\Program Files\lx_cats
2007-10-27 15:51 --------- d-----w C:\Program Files\Google
2007-10-21 16:09 --------- d-----w C:\Program Files\DivX
2007-10-18 04:40 --------- d-----w C:\Program Files\Sandisk
2007-10-14 23:57 --------- d-----w C:\Program Files\Mplayer
2007-10-12 23:31 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\FrostWire
2007-10-07 02:49 --------- d-----w C:\Program Files\Joost
2007-10-05 16:21 --------- d-----w C:\Program Files\support.com
2007-10-05 16:21 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-09-28 16:07 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-27 00:26 --------- d-----w C:\Program Files\Uplink
2007-09-20 00:34 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Atari
2007-09-20 00:19 --------- d-----w C:\Program Files\Common Files\PocketSoft
2007-09-20 00:19 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Leadertech
2007-09-20 00:16 --------- d-----w C:\Program Files\Atari
2007-09-13 04:03 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Emulators
2007-09-09 14:36 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Viewpoint
2007-09-09 04:29 --------- d-----w C:\Program Files\Activision
2007-04-10 04:24:21 105,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-10 04:24:21 4,384 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 00:04]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 19:44 C:\WINDOWS\RTHDCPL.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 14:00]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 17:09]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 14:00]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"EC21"="C:\Program Files\EC21Messenger\EZQ.EXE" [2007-03-05 09:46]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 14:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 16:31]
"Steam"="" []
"Power2GoExpress"="NA" []
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 16:56]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

C:\Documents and Settings\Owner.YOUR-588B4A13EA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 10:19:50]
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-11-17 04:45:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-02-22 11:59:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttq.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"Reminder"=%WINDIR%\Creator\Remind_XP.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\WINDOWS\system32\DRIVERS\libusb0.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5197a2ee-3311-11dc-9efc-00146c8929a2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d30f5173-20bb-11db-870b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 00:45:42 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-01 07:00:54 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 19:46:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 19:50:30 - machine was rebooted
.
--- E O F ---





===============================================================




Logfile of HijackThis v1.99.1
Scan saved at 7:52:12 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [LocalCooling] "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EC21] C:\Program Files\EC21Messenger\EZQ.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

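Reading a HijackThis log like the one above is mostly a matter of spotting a handful of patterns: a service whose binary is reported missing, a service with no known owner, a Run entry that is a bare file name resolved through the search path, or an unquoted path with spaces that CreateProcess may resolve to a different binary than intended. The Python script below is an added example (it is not part of HijackThis or of this thread) that parses O4 and O23 lines offline and raises exactly those flags; the sample lines are taken from the log above, and the flag names, regexes and function names are my own.

```python
"""Offline triage of HijackThis O4 (Run-key) and O23 (service) lines.

Added example, not part of HijackThis or of this thread. It flags what an
analyst looks for first in a log: executables reported missing, services
whose binary has no known owner, bare file names that Windows resolves
through the search path, and unquoted paths containing spaces, which
CreateProcess may resolve to a different binary than intended.
"""
import re
from typing import Dict, List, Tuple

# Extensions that mark the end of the executable part of a command line.
EXE_EXT = r"\.(?:exe|dll|sys|cpl|scr|bat|cmd|com|pif)"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def split_cmd(cmd: str) -> Tuple[str, bool]:
    """Return (executable, was_quoted) for a Run-key command line.

    Quoted commands are unambiguous. For unquoted ones the shortest prefix
    ending in a known extension is taken; if that prefix contains spaces,
    CreateProcess would first try each space-delimited prefix
    (C:\\Program, C:\\Program Files\\...), so the caller flags it.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = re.match(r"(?i)(.*?" + EXE_EXT + r")(?=\s|,|$)", cmd)
    return (m.group(1) if m else ""), False


def flags_for(path: str, quoted: bool, missing: bool = False,
              owner: str = "") -> List[str]:
    """Triage flags for one executable path."""
    if not path:
        return ["no-executable"]
    flags: List[str] = []
    if missing:
        flags.append("file-missing")
    if owner.lower() == "unknown owner":
        flags.append("unknown-owner")
    if "\\" not in path:
        flags.append("bare-filename")            # found via PATH / App Paths
    elif " " in path and not quoted:
        flags.append("unquoted-path-with-spaces")
    return flags


def triage_hjt(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per O4/O23 line that raised at least one flag."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            path, quoted = split_cmd(m.group("cmd"))
            flags = flags_for(path, quoted)
            if flags:
                findings.append({"type": "O4", "name": m.group("name"),
                                 "path": path, "flags": flags})
            continue
        m = O23_RE.match(line)
        if m:
            raw = m.group("path")
            missing = raw.endswith("(file missing)")
            path = raw.replace("(file missing)", "").strip()
            # HJT prints service paths without their ImagePath quoting, so an
            # O23 line cannot show whether the path was quoted; don't guess.
            flags = flags_for(path, quoted=True, missing=missing,
                              owner=m.group("owner"))
            if flags:
                findings.append({"type": "O23", "name": m.group("desc"),
                                 "path": path, "flags": flags})
    return findings


# Lines taken from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [EC21] C:\Program Files\EC21Messenger\EZQ.EXE",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [Power2GoExpress] NA",
    r"O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)",
]

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LINES):
        print("%-4s %-40s %s  [%s]" % (f["type"], f["name"], f["path"],
                                       ", ".join(f["flags"])))
```

Note what the sample shows: the 8.3 short path in the avast! entry and the quoted QuickTime entry raise nothing, while the EC21 entry is flagged only because its long path is unquoted; the flag is a prompt to look, not a verdict, since HijackThis itself does not check signatures or file hashes.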
JSntgRvr
post Nov 7 2007, 07:31 PM
Post #4


Global Moderator
Posts: 7,811
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Nicdez

The programs are missing from where? The Add/Remove Programs list, the Start Menu, or the Desktop?
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • Save it on the Desktop
QUOTE
File::
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\ddcbaxw.dll.vir

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

DirLook::
C:\lt




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

In addition:

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A, then Ctrl+C) and paste (Ctrl+V) the contents of both main.txt and extra.txt in your next reply.
If the files are too long, attach them to a reply:
  1. Scroll down and click the [Manage Attachments] button
  2. Browse to the following folder:
    • C:\Deckard\System Scanner
  3. Click Upload to upload these files one by one
  4. Submit your reply
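The Registry:: section of that CFScript rewrites the LSA "Authentication Packages" value, and the hex(7) bytes are easy to misread. The Python script below is an added example, not part of ComboFix or of this thread: it decodes a hex(7) (REG_MULTI_SZ) line into its strings, reports any entry beyond the Windows XP default msv1_0, and rebuilds the exact line used in the script. The infected sample value and its "evildll" entry are constructed for illustration; the function names are my own. Some Vundo/Virtumonde variants (the family VundoFix and VirtumundoBeGone target) registered their DLL as an extra LSA authentication package so lsass.exe loaded it at boot, which is why this fix resets the value to the default.

```python
"""Decode and check the REG_MULTI_SZ value that the CFScript above resets.

Added example; not part of ComboFix or of this thread. hex(7) in a
.reg-style line is REG_MULTI_SZ: NUL-terminated strings followed by an
extra NUL, written as comma-separated bytes. Regedit exports those bytes as
UTF-16LE (6d,00,73,00,...); the script on this page writes one byte per
character (6d,73,...), so both forms are decoded.
"""
import re
from typing import List

# Windows XP default for HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# "Authentication Packages": exactly one entry.
EXPECTED_AUTH_PACKAGES = ["msv1_0"]


def decode_multi_sz(reg_line: str) -> List[str]:
    """Parse '"Name"=hex(7):6d,73,...' into its list of strings."""
    m = re.search(r"=hex\(7\):(.*)$", reg_line.strip(), re.S)
    if not m:
        raise ValueError("not a hex(7) value: %r" % reg_line)
    hexpart = re.sub(r"\\\s*", "", m.group(1))      # drop line continuations
    raw = bytes(int(b, 16) for b in hexpart.split(",") if b.strip())
    # A UTF-16LE export of ASCII text has a zero in every odd position;
    # anything else is treated as the one-byte-per-character form.
    if (len(raw) % 2 == 0 and raw
            and all(b == 0 for b in raw[1::2])
            and any(b for b in raw[0::2])):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def encode_multi_sz(name: str, strings: List[str]) -> str:
    """Build the one-byte-per-character hex(7) line used by the CFScript."""
    data = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return '"%s"=hex(7):%s' % (name, ",".join("%02x" % b for b in data))


def unexpected_auth_packages(packages: List[str]) -> List[str]:
    """Entries that are not in the XP default list (case-insensitive)."""
    expected = {p.lower() for p in EXPECTED_AUTH_PACKAGES}
    return [p for p in packages if p.lower() not in expected]


# The line from the CFScript above (the clean default):
CLEAN_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'
# Constructed example of an infected value: a second, rogue entry "evildll"
# (illustrative name, not taken from this thread) appended after msv1_0.
INFECTED_LINE = ('"Authentication Packages"=hex(7):'
                 '6d,73,76,31,5f,30,00,65,76,69,6c,64,6c,6c,00,00')

if __name__ == "__main__":
    for line in (CLEAN_LINE, INFECTED_LINE):
        pkgs = decode_multi_sz(line)
        print(pkgs, "-> unexpected:", unexpected_auth_packages(pkgs))
    print(encode_multi_sz("Authentication Packages", EXPECTED_AUTH_PACKAGES))
```

The check is deliberately a whitelist: any name that is not msv1_0 is reported, so a freshly generated random DLL name (the ddcbaxw.dll style seen in this thread) is caught without a signature for it. On a live machine the same comparison can be made against the output of `reg export HKLM\SYSTEM\CurrentControlSet\Control\Lsa lsa.reg`, remembering that regedit writes the UTF-16LE form.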
Nicdez
post Nov 8 2007, 09:14 AM
Post #5


Member
**
Posts: 46
From: Palm Beach County, FL
OS: Windows XP Pro



None of the following programs were found in my Add/Remove Programs list:

outerinfo
AskTBar
ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator

Sorry for the confusion. Here are my logs.

ComboFix 07-11-08.1 - Owner 2007-11-08 9:46:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.YOUR-588B4A13EA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.YOUR-588B4A13EA\Desktop\CFScript.txt

FILE
C:\WINDOWS\system32\ddcbaxw.dll.vir
C:\WINDOWS\system32\rttss.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcbaxw.dll.vir
C:\WINDOWS\system32\rttss.bak2

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-07 19:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 11:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-04 16:00 4,700 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-04 15:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-04 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-04 12:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-04 12:57 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\SUPERAntiSpyware.com
2007-10-31 13:14 <DIR> d-------- C:\Program Files\RegCure
2007-10-30 00:01 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-10-29 23:41 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\TrojanHunter
2007-10-29 23:39 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-29 23:25 <DIR> d-------- C:\VundoFix Backups
2007-10-29 23:01 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-29 20:57 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-29 20:57 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-29 20:57 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-29 20:57 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-29 20:57 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-29 20:57 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-29 20:57 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-29 20:57 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-29 20:46 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2007-10-29 20:46 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2007-10-29 20:46 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2007-10-29 20:46 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2007-10-29 20:46 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2007-10-29 20:46 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2007-10-29 20:46 4,096 --a--c--- C:\WINDOWS\system32\dllcache\rpcref.dll
2007-10-29 20:46 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2007-10-29 20:36 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2007-10-29 20:36 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2007-10-29 20:36 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe
2007-10-29 20:36 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2007-10-29 19:12 24,618 --a--c--- C:\WINDOWS\system32\dllcache\fa410nd5.sys
2007-10-29 19:12 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2007-10-29 19:12 14,336 --a--c--- C:\WINDOWS\system32\dllcache\exstrace.dll
2007-10-29 19:12 12,362 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2007-10-29 19:12 11,850 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2007-10-29 19:12 7,040 --a--c--- C:\WINDOWS\system32\dllcache\exabyte2.sys
2007-10-29 19:06 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2007-10-29 19:04 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-10-29 19:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2007-10-29 19:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2007-10-29 19:00 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2007-10-29 19:00 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2007-10-29 19:00 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2007-10-29 19:00 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2007-10-25 10:14 43,520 --a------ C:\WINDOWS\system32\libusb0.dll
2007-10-25 10:14 28,672 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2007-10-25 09:54 <DIR> d-------- C:\lt
2007-10-17 23:40 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-10-17 23:40 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\ArcSoft
2007-10-17 23:40 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-10-14 19:01 <DIR> d-------- C:\Program Files\GameSpy Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 00:47 --------- d-----w C:\Program Files\TrueAssistant
2007-11-07 02:20 --------- d-----w C:\Program Files\SpeedFan
2007-11-06 21:25 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\OpenOffice.org2
2007-11-04 20:00 --------- d-----w C:\Program Files\LocalCooling
2007-11-04 19:53 --------- d-----w C:\Program Files\Java
2007-11-04 19:46 --------- d-----w C:\Program Files\BOINC
2007-11-04 18:55 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-04 17:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-03 05:46 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Azureus
2007-10-30 04:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 03:14 --------- d-----w C:\Program Files\lx_cats
2007-10-27 15:51 --------- d-----w C:\Program Files\Google
2007-10-21 16:09 --------- d-----w C:\Program Files\DivX
2007-10-18 04:40 --------- d-----w C:\Program Files\Sandisk
2007-10-14 23:57 --------- d-----w C:\Program Files\Mplayer
2007-10-12 23:31 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\FrostWire
2007-10-07 02:49 --------- d-----w C:\Program Files\Joost
2007-10-05 16:21 --------- d-----w C:\Program Files\support.com
2007-10-05 16:21 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-09-28 16:07 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-27 00:26 --------- d-----w C:\Program Files\Uplink
2007-09-20 00:34 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Atari
2007-09-20 00:19 --------- d-----w C:\Program Files\Common Files\PocketSoft
2007-09-20 00:19 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Leadertech
2007-09-20 00:16 --------- d-----w C:\Program Files\Atari
2007-09-13 04:03 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Emulators
2007-09-09 14:36 --------- d-----w C:\Documents and Settings\Owner.YOUR-588B4A13EA\Application Data\Viewpoint
2007-09-09 04:29 --------- d-----w C:\Program Files\Activision
2007-04-10 04:24:21 105,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-10 04:24:21 4,384 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\lt ----

2004-01-22 15:48 88224 --a------ C:\lt\MYT-LULT\Dupe.exe
2004-01-22 15:46 298 --a------ C:\lt\MYT-LULT\setup.bat
2003-12-19 19:07 6025216 --a------ C:\lt\MYT-LULT\Cruise.exe


((((((((((((((((((((((((((((( snapshot@2007-11-07_19.49.58.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-08 14:51:38 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_414.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 00:04]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 19:44 C:\WINDOWS\RTHDCPL.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 14:00]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 17:09]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 14:00]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"EC21"="C:\Program Files\EC21Messenger\EZQ.EXE" [2007-03-05 09:46]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 14:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 16:31]
"Steam"="" []
"Power2GoExpress"="NA" []
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 16:56]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

C:\Documents and Settings\Owner.YOUR-588B4A13EA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 10:19:50]
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-11-17 04:45:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-02-22 11:59:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"Reminder"=%WINDIR%\Creator\Remind_XP.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\WINDOWS\system32\DRIVERS\libusb0.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5197a2ee-3311-11dc-9efc-00146c8929a2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d30f5173-20bb-11db-870b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 14:51:39 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-08 12:04:45 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 09:51:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 9:57:22 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-07 19:50
.
--- E O F ---


This post has been edited by Nicdez: Nov 8 2007, 09:24 AM
Attached File(s): extra.txt (19.08K), main.txt (25.12K)
JSntgRvr
post Nov 8 2007, 11:30 AM
Post #6


Global Moderator
Posts: 7,811
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Nicdez

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O4 - HKCU\..\Run: [Power2GoExpress] NA
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\lt

Take a look at the Device Manager. It seems that some devices are in conflict, and that you need to reload your video adapter drivers.

Restart the computer and let me know how it is doing.
Nicdez
post Nov 8 2007, 10:22 PM
Post #7


Member
**
Posts: 46
From: Palm Beach County, FL
OS: Windows XP Pro



Everything seems to be working. My Device Manager wasn't working, but I found a Windows help file that actually helped. Thank you for your help. As soon as I come across an extra $20 I will certainly donate.
JSntgRvr
post Nov 9 2007, 12:50 PM
Post #8


Global Moderator
Posts: 7,811
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Nicdez.

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Create a Restore point:
  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  5. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  6. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  7. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  8. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  9. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes!
JSntgRvr
post Nov 15 2007, 08:25 PM
Post #9


Global Moderator
Posts: 7,811
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising