· Registered · 9 Posts
Discussion Starter · #1 ·
Hello everyone

This is a thread continuing from this one:

http://www.techsupportforum.com/sec...p-inactive/305520-spyware-adware-problem.html

Due to personal obligations I didn't have internet access for a long time, and that's why my post became inactive.

Here is the response to the last request from the consultant who was helping me:

Combofix.txt:

ComboFix 08-11-18.A2 - user 2008-11-19 19:39:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.61 [GMT 2:00]
Running from: c:\documents and settings\user\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: c:\documents and settings\user\Επιφάνεια εργασίας\CFScript.txt

FILE ::
c:\windows\system32\drivers\_004243_.tmp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\ADSL Software Ltd
c:\documents and settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080622195536156.log
c:\documents and settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080622214834484.log
c:\documents and settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080623122555875.log
c:\documents and settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080623172105703.log
c:\documents and settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080623231045765.log
c:\documents and settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe
c:\progra~1\COMMON~1\SYMANT~1
c:\progra~1\COMMON~1\SYMANT~1\{15DD0762-B9B2-4D5F-8BDE-0AFEB17DB087}.dat
c:\progra~1\COMMON~1\SYMANT~1\{3A744306-D434-4069-BADB-021BEB0F6934}.dat
c:\progra~1\COMMON~1\SYMANT~1\ccReg_old.dat
c:\progra~1\COMMON~1\SYMANT~1\CommonClient_old.dat
c:\progra~1\COMMON~1\SYMANT~1\SymNeti1000.log
c:\progra~1\COMMON~1\SYMANT~1\SymNeti1001.log
c:\progra~1\COMMON~1\SYMANT~1\SymNeti1002.log
c:\progra~1\COMMON~1\SYMANT~1\SymNeti1003.log
c:\progra~1\COMMON~1\SYMANT~1\SymNeti1004.log
c:\progra~1\COMMON~1\SYMANT~1\SymNeti1005.log
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\program files\Norton AntiVirus
c:\program files\Norton AntiVirus\{A23ACAE7-E781-4A1E-9126-7A10ABA486A7}.dat
c:\program files\Norton AntiVirus\AVApp.log
c:\program files\Norton AntiVirus\AVError.log
c:\program files\Norton AntiVirus\AVVirus.log
c:\program files\Norton AntiVirus\defloc.dat
c:\program files\Norton AntiVirus\NAVOPTS.BAK
c:\windows\system32\_004278_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004289_.tmp.dll
c:\windows\system32\_004290_.tmp.dll
c:\windows\system32\_004292_.tmp.dll
c:\windows\system32\_004293_.tmp.dll
c:\windows\system32\_004296_.tmp.dll
c:\windows\system32\_004297_.tmp.dll
c:\windows\system32\_004299_.tmp.dll
c:\windows\system32\_004300_.tmp.dll
c:\windows\system32\_004301_.tmp.dll
c:\windows\system32\_004303_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004317_.tmp.dll
c:\windows\system32\_004319_.tmp.dll
c:\windows\system32\_004320_.tmp.dll
c:\windows\system32\_004321_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004327_.tmp.dll
c:\windows\system32\_004328_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\drivers\_004243_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 13:48 . 2008-11-18 20:54 <DIR> d-------- C:\Big Brain academy
2008-11-18 00:18 . 2008-11-18 20:51 <DIR> d-------- C:\Top Spin 3
2008-11-18 00:15 . 2008-11-18 00:15 <DIR> d-------- c:\program files\Orbitdownloader
2008-11-18 00:15 . 2008-11-19 16:58 <DIR> d-------- c:\documents and settings\user\Application Data\Orbit
2008-11-15 04:54 . 2008-11-16 01:39 <DIR> d-------- c:\documents and settings\user\Application Data\FrostWire
2008-11-15 04:52 . 2008-11-15 04:54 <DIR> d-------- c:\program files\FrostWire
2008-11-15 04:52 . 2008-11-15 04:52 <DIR> d-------- c:\program files\AskSearch
2008-11-12 15:34 . 2008-11-12 15:34 128 --a------ c:\windows\system32\'
2008-11-12 15:33 . 2004-06-26 13:22 6,016 --a------ c:\windows\system32\drivers\vnccom.SYS
2008-11-12 15:30 . 2008-11-12 15:30 <DIR> d-------- c:\program files\UltraVNC
2008-11-12 15:30 . 2005-06-10 22:02 12,800 --a------ c:\windows\system32\vncdrv.dll
2008-11-12 15:30 . 2004-06-26 13:21 5,760 --a------ c:\windows\system32\vnchelp.dll
2008-11-12 15:30 . 2004-06-26 13:22 4,736 --a------ c:\windows\system32\drivers\vncdrv.sys
2008-11-12 15:20 . 2008-11-12 15:20 <DIR> d-------- c:\program files\No-IP
2008-11-07 20:28 . 2008-11-07 20:27 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-07 20:28 . 2008-11-07 20:27 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-07 20:27 . 2008-11-07 20:27 <DIR> d-------- c:\program files\Java
2008-11-04 04:36 . 2008-11-04 04:36 <DIR> d-------- c:\documents and settings\user\Application Data\Righteous Kill
2008-11-03 19:41 . 2004-09-07 14:00 4,294,144 --a------ c:\windows\system32\dllcache\wmm2res.dll
2008-11-03 19:40 . 2007-10-25 18:43 8,523,776 --a------ c:\windows\system32\dllcache\shell32.dll
2008-11-03 19:22 . 2008-11-03 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-03 19:15 . 2008-11-03 19:15 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-11-03 19:15 . 2008-11-03 19:15 <DIR> d-------- c:\program files\MSECACHE
2008-11-02 22:23 . 2008-11-03 14:50 <DIR> d-------- c:\documents and settings\user\Application Data\MysteryStudio
2008-11-02 20:59 . 2008-11-02 20:59 <DIR> d-------- c:\windows\Righteous Kill
2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d-------- C:\rsit
2008-11-02 20:03 . 2008-11-02 20:03 <DIR> d-------- c:\program files\trend micro
2008-11-02 19:42 . 2008-11-02 19:44 250 --a------ c:\windows\gmer.ini
2008-10-24 12:49 . 2004-09-07 14:00 71,040 --------- c:\windows\system32\drivers\_004252_.tmp.dll
2008-10-23 20:55 . 2008-11-03 20:39 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-10-23 20:55 . 2008-11-03 20:39 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-10-23 20:15 . 2008-11-03 19:56 <DIR> d-------- c:\windows\system32\el-gr
2008-10-23 20:15 . 2008-11-03 19:56 <DIR> d-------- c:\windows\system32\el
2008-10-23 20:15 . 2008-11-03 19:56 <DIR> d-------- c:\windows\system32\bits
2008-10-23 20:15 . 2008-11-03 19:55 <DIR> d-------- c:\windows\l2schemas
2008-10-23 20:02 . 2008-11-03 19:39 <DIR> d-------- c:\windows\EHome
2008-10-23 16:32 . 2008-04-14 18:29 8,524,800 --a------ c:\windows\system32\SET2AE.tmp
2008-10-23 16:31 . 2008-04-14 18:29 3,066,880 --a------ c:\windows\system32\SET469.tmp
2008-10-23 16:30 . 2008-04-14 18:29 1,267,200 --a------ c:\windows\system32\SET5B9.tmp
2008-10-22 17:46 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-10-22 17:45 . 2008-10-22 17:45 <DIR> d-------- c:\program files\Panda Security
2008-10-22 01:06 . 2008-10-22 01:06 <DIR> d-------- c:\windows\Agatha Christie - Death on the Nile {h33t} {oi812heet}
2008-10-22 00:36 . 2008-10-22 00:37 <DIR> d-------- c:\program files\CleanUp!
2008-10-22 00:29 . 2008-10-22 00:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreshGames
2008-10-21 23:51 . 2008-10-21 23:51 <DIR> d-------- c:\program files\ReflexiveArcade
2008-10-21 23:29 . 2008-10-22 00:13 <DIR> d-------- c:\program files\DNA
2008-10-21 20:10 . 2008-10-21 20:10 <DIR> d-------- c:\program files\Security Task Manager
2008-10-21 20:10 . 2008-10-21 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-10-20 02:27 . 2008-10-20 02:27 <DIR> d-------- c:\documents and settings\user\Application Data\FloodLightGames
2008-10-20 02:27 . 2008-10-20 02:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\FloodLightGames
2008-10-20 02:26 . 2008-10-20 02:26 13 --a------ c:\windows\popcinfo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 14:58 --------- d-----w c:\documents and settings\user\Application Data\Skype
2008-11-19 14:57 --------- d-----w c:\documents and settings\user\Application Data\skypePM
2008-11-18 12:50 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-11-05 13:26 --------- d-----w c:\program files\LimeWire
2008-11-05 13:25 --------- d-----w c:\documents and settings\user\Application Data\LimeWire
2008-11-04 01:26 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
2008-11-03 16:10 --------- d-----w c:\documents and settings\user\Application Data\BitTorrent
2008-10-21 23:00 --------- d-----w c:\program files\Google
2008-10-21 21:53 --------- d-----w c:\documents and settings\user\Application Data\PlayFirst
2008-10-21 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-21 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-09 20:14 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-08 10:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-07 23:32 --------- d-----w c:\program files\GRETECH
2008-10-07 23:30 --------- d-----w c:\documents and settings\user\Application Data\LG Electronics
2008-09-15 15:38 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:38 1,846,272 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-28 08:02 75,264 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 08:02 75,264 ----a-w c:\windows\system32\dllcache\msw3prt.dll
2008-08-28 08:02 104,960 ----a-w c:\windows\system32\win32spl.dll
2008-08-28 08:02 104,960 ----a-w c:\windows\system32\dllcache\win32spl.dll
2008-08-19 09:30 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
2007-12-03 23:47 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-26 13:42 20,328 ----a-w c:\documents and settings\user\Application Data\GDIPFONTCACHEV1.DAT
2004-04-21 16:35 7,971,360 ----a-w c:\documents and settings\mame32\cheat.dat
2001-03-14 10:14 81,920 ----a-w c:\documents and settings\mame32\romcmp.exe
2001-03-14 10:01 10,956,800 ----a-w c:\documents and settings\mame32\mame32ppro.exe
2000-11-08 20:01 10,584,064 ----a-w c:\documents and settings\mame32\mame32.exe
1999-08-12 21:20 4,312 ----a-w c:\documents and settings\mame32\Mameopl.sys
1998-09-18 23:00 766 ----a-w c:\documents and settings\mame32\INSTOPL.BAT
1998-07-11 23:13 53,760 ----a-w c:\documents and settings\mame32\zlib.dll
1998-03-01 18:34 160,256 ----a-w c:\documents and settings\mame32\midas11.dll
1997-12-16 02:00 131,072 ----a-w c:\documents and settings\mame32\zip32.dll
2005-11-19 14:30 32 -csha-w c:\windows\{1DEFFD89-D90A-48B2-A7CC-A3FA2DF2D232}.dat
2005-11-19 14:29 32 -csha-w c:\windows\{4D3DCBA3-2D4C-475C-A5B7-658C9AF50EEB}.dat
2005-11-19 14:29 32 --sha-w c:\windows\system32\{0FF966FC-8394-47EA-8C6A-3F15B2EFD4C5}.dat
2005-11-19 14:30 32 --sha-w c:\windows\system32\{9AA518F9-C456-4D80-A102-67EDE427C103}.dat
.

((((((((((((((((((((((((((((( [email protected]_18.33.34.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-07-19 15:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-07-19 15:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
+ 2004-09-07 12:00:00 71,040 ------w c:\windows\system32\drivers\_004252_.tmp.dll
- 2008-07-19 14:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-07-19 15:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-07-19 15:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-01-17 15:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-01-17 17:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-07-19 15:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-07-19 15:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-07-19 15:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-07-19 15:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-02-21 23:23:35 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-07 18:27:32 144,792 ----a-w c:\windows\system32\java.exe
- 2008-02-21 23:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-07 18:27:32 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 00:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-07 18:27:33 148,888 ----a-w c:\windows\system32\javaws.exe
- 2007-11-21 00:52:38 2,884,992 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-02-26 15:36:57 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-11-06 21:18:21 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-09-07 12:00:00 40,576 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\intelppm.sys
+ 2004-08-03 23:07:44 44,672 ----a-w c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\UAGP35.SYS
+ 2008-11-19 14:54:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_474.dat
+ 2008-11-19 14:54:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5cc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-11-16 21760296]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 3644464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-01-04 28672]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"SiSPower"="SiSPower.dll" [2005-01-19 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-11-18 1690824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--------- 2006-06-09 00:11 24576 c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--------- 2006-05-31 15:00 143360 c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-09-07 14:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTPWare]
-ra------ 2004-11-17 09:34 258048 c:\program files\Elantech\Ktp3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-16 12:41 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2001-12-26 14:12 472576 c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-16 14:39 69632 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24574:TCP"= 24574:TCP:BitComet 24574 TCP
"24574:UDP"= 24574:UDP:BitComet 24574 UDP
"23991:TCP"= 23991:TCP:Lime
"23991:UDP"= 23991:UDP:lime
"6881:TCP"= 6881:TCP:BitTorent
"6881:UDP"= 6881:UDP:BitTorent
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
"5900:TCP"= 5900:TCP:connect
"5900:UDP"= 5900:UDP:connect

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-22 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-03 20560]
R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2008-11-12 6016]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-11-16 113976]
R3 Ktp3;Elantech TouchPad(KTP3);c:\windows\system32\DRIVERS\Ktp3.sys [2005-03-09 24704]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;c:\windows\system32\DRIVERS\sisnicxp.sys [2005-03-09 32768]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2007-04-16 185504]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2007-04-16 6272]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-11-16 63555]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64eb1f0e-c8e5-11dc-aa53-0090f549260f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e5b1e6-d0ca-11dc-aa62-4d6564696130}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd6a67b6-907c-11d9-a748-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DaemonTools_WhenUSave_Installer - c:\program files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 19:42:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 19:44:26
ComboFix-quarantined-files.txt 2008-11-19 17:44:07
ComboFix2.txt 2008-11-03 16:34:30

Pre-Run: 4,293,058,560 bytes available
Post-Run: 4,283,027,456 bytes available

325 --- E O F --- 2008-11-07 18:04:59

HijackThis.log:

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 19/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1D6802-A3FD-40B1-A536-1EB695493CA3}: NameServer = 194.177.210.211
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)


Thank you for any help!!
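
The "Reg Loading Points" block in the ComboFix log above is what a helper reads by hand: the Security Center keys that silence the antivirus/firewall warning, the firewall's globally open ports (5900/TCP and UDP is the VNC listener that UltraVNC, installed on 2008-11-12 together with No-IP, opened), and the Run keys that start WinVNC. The script below is an added example for this thread; it is not part of the original post and not a ComboFix or HijackThis feature. It parses the REGEDIT4-style sections and flags those three things. The sample input is an excerpt of the log posted above; the port table and the list of remote-access tool names are assumptions of the example.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example for this thread, not ComboFix's or HijackThis's own code. Flags
Security Center keys that hide or override the AV/firewall status, firewall
exceptions that expose a remote-control port, and Run entries that autostart a
remote-access server. Port table and tool names are assumptions of the example.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: an excerpt of the ComboFix output posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-01-04 28672]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24574:TCP"= 24574:TCP:BitComet 24574 TCP
"6881:TCP"= 6881:TCP:BitTorent
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"5900:TCP"= 5900:TCP:connect
"5900:UDP"= 5900:UDP:connect
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)$')

# Security Center values that suppress or override the "no AV / no firewall"
# warning. Some AV suites set the *DisableNotify ones legitimately; rogue
# security software and other malware set them as well, so they get reviewed.
SECURITY_CENTER_KEYS = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}

# Assumed table for this example: inbound ports that hand out remote control.
REMOTE_CONTROL_PORTS = {
    22: "SSH", 23: "Telnet", 1723: "PPTP VPN", 3389: "RDP",
    5800: "VNC (HTTP)", 5900: "VNC",
}

# Assumed list of remote-access servers worth a second look in a Run key.
REMOTE_TOOL_RE = re.compile(r"winvnc|tightvnc|realvnc|radmin|teamviewer|ammyy|logmein", re.I)


def parse_reg_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {section name (lower-cased): [(value name, value data), ...]}."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group(1).lower()
            sections.setdefault(current, [])
            continue
        item = VALUE_RE.match(line)
        if item and current is not None:
            sections[current].append((item.group(1), item.group(2).strip()))
    return sections


def _add(findings: List[Dict[str, str]], severity: str, section: str, item: str, why: str) -> None:
    findings.append({"severity": severity, "section": section, "item": item, "why": why})


def triage(text: str) -> List[Dict[str, str]]:
    """Flag the entries a responder should look at first; one dict per finding."""
    findings: List[Dict[str, str]] = []
    for section, values in parse_reg_sections(text).items():
        if section.endswith("\\security center"):
            for name, data in values:
                if name in SECURITY_CENTER_KEYS and data.lower() == "dword:00000001":
                    _add(findings, "high", "security center", name,
                         "Security Center warning suppressed or overridden")
        elif section.endswith("\\globallyopenports\\list"):
            for name, data in values:
                port_text = name.split(":", 1)[0]
                if port_text.isdigit() and int(port_text) in REMOTE_CONTROL_PORTS:
                    _add(findings, "review", "firewall open ports", name,
                         f"inbound {REMOTE_CONTROL_PORTS[int(port_text)]} exposed ({data})")
        elif section.endswith("\\currentversion\\run"):
            for name, data in values:
                if REMOTE_TOOL_RE.search(data):
                    _add(findings, "review", "run key", name,
                         f"remote-access server autostarts: {data}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:<20} {f['item']:<24} {f['why']}")
```

On the excerpt this reports the four Security Center overrides, the 5900/TCP, 5900/UDP and 1723/TCP exceptions, and the WinVNC Run entry. The P2P ports (6881, 24574) are deliberately not flagged; they are noise on a machine that runs BitTorrent clients, whereas a VNC listener reachable through a dynamic-DNS name is the item that decides whether the remote access was set up by the owner.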
 

· TSF Security Manager, Emeritus · 42,952 Posts
Hello fable1,

We prefer the more comprehensive scan that dds.scr provides. You should still have it on your desktop - please run a new scan with dds and post the dds.txt for review.