#1
Yet another .. no another ... Not valid win32 application

P2P struck me down 2 days ago .... Bagle worm and many others. I have read through many of the posts and tried to follow the advice, but seem to be going around in circles now ... hence the cry for help please.

I have managed to cure the lack of internet by modifying the registry as mentioned on several posts. I have run BitDefender on-line AV with some success. Can someone help me please? Thanks in advance, Daarc

OK, read the stickies and starting to follow them. I will follow steps 1-5 and post logs as I finish each step.
#2
Welcome
Quote:
Doing this can cause issues if not done right. What programs and fixes have you run?? I need to see the logs from those programs if at all possible.
#3
Quote:
What programs and fixes have you run?? I need to see the logs from those programs if at all possible.

First of all .... THANK YOU for helping. I followed the instructions of the five step sticky ... here are the logs.

Problems still apparent:
- Not a valid win32 application
- Wireless icon indicating not connected, but I have a wireless connection
- No firewall
- No antivirus will load on startup
- Cannot boot into 'safe' mode
- Cannot see hidden files even though the check box is clear - resolved - used the following fix: Go to Start > Run > type "regedit", expand HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden and change the dword value to 1. It was 2.

Logs in next reply
#4
Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Quick Scan
Objects scanned: 33279
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\Program Files\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\Program Files\AdwareAlert\FilterDrv\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#5
SUPERAntiSpyware Scan Log
Generated 04/10/2008 at 01:11 AM

Application Version : 4.0.1154
Core Rules Database Version : 3434
Trace Rules Database Version: 1426

Scan type : Complete Scan
Total Scan Time : 00:59:39

Memory items scanned : 347
Memory threats detected : 0
Registry items scanned : 5994
Registry threats detected : 0
File items scanned : 18285
File threats detected : 0
#6
BitDefender Online Scanner
Scan report generated at: Thu, Apr 10, 2008 - 09:44:43
Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;

Statistics
Time 02:21:55
Files 599995
Folders 13845
Boot Sectors 3
Archives 13892
Packed Files 33319

Results
Identified Viruses 6
Infected Files 14
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 14

Engines Info
Virus Definitions 1133038
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP3\A0001262.exe=>(7z o)=>AdwareAlert\SpyCleaner.dll Infected with: Trojan.SpywareStop.A
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP3\A0001262.exe=>(7z o)=>AdwareAlert\SpyCleaner.dll Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP3\A0001262.exe=>(7z o) Update failed
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002067.exe Infected with: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002067.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002068.exe Infected with: Win32.Bagle.SVL@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002068.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002069.exe Infected with: Win32.Bagle.SVL@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002069.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002070.exe Infected with: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002070.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002071.exe Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002071.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002072.exe Infected with: Win32.Bagle.SVL@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002072.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002073.exe Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002073.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002074.exe Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002074.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002075.exe Infected with: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002075.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002076.exe Infected with: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002076.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002077.exe Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002077.exe Deleted
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002078.exe Infected with: Trojan.Downloader.Bagle.HE
C:\System Volume Information\_restore{65408A9A-AB7D-4733-B006-BB287171F956}\RP6\A0002078.exe Deleted
D:\My Downloads\Bitlord\Temp\012.part=>archstored:Golf Score Recorder Software Suite 2 (Crack).exe Infected with: Trojan.Downloader.Bagle.HE
D:\My Downloads\Bitlord\Temp\012.part=>archstored:Golf Score Recorder Software Suite 2 (Crack).exe Deleted
D:\My Downloads\Bitlord\Temp\012.part Update failed
#7
Logfile of HijackThis v1.99.1
Scan saved at 09:57, on 2008-04-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Russ\Desktop\Kill Virus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe"
O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://safeharbor.dyndns.org/plugin/h263ctrl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) -
O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: yayxvts - yayxvts.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Wireless Adapter Configurator - Tech Mahindra- PUNE - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
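A HijackThis log like the one above is reviewed by section: the O20 Winlogon Notify entries (a DLL that is registered by bare filename and reported "(file missing)", as yayxvts is here, is the kind of entry a helper checks first), any other entry whose target file is missing, and the O10 Winsock LSP DLLs. As an added example, not part of this thread and not HijackThis's own code, the Python script below runs that triage over a handful of constructed sample lines modelled on the posted log. The sample lines, the regular expressions and the function names are assumptions made for illustration.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Parses the "Oxx - ..." entry lines and pulls out three things a reviewer of a
log like the one above checks first: Winlogon Notify DLLs that are missing or
registered by bare filename, other entries whose target file is missing, and
the Winsock LSP DLLs.
"""
import re

# Constructed sample modelled on the posted HijackThis output (raw string so
# the Windows backslashes survive as written).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: yayxvts - yayxvts.dll (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
"""

# "<section code> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# A Winlogon Notify target given as a bare DLL name (no drive or directory)
# is loaded by name only; properly installed packages register a full path.
BARE_DLL_RE = re.compile(r"^[^\\/:]+\.dll$", re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(text):
    """Return [(code, body), ...] for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Summarise the entries a log reviewer looks at first."""
    findings = {"winlogon_notify_suspect": [], "dangling_reference": [], "winsock_lsp": []}
    lsp = set()
    for code, body in parse_entries(text):
        if code == "O20":
            # body looks like "Winlogon Notify: <name> - <target>"
            name, _, target = body.partition(": ")[2].partition(" - ")
            target = target.replace(MISSING, "").strip()
            if MISSING in body or BARE_DLL_RE.match(target):
                findings["winlogon_notify_suspect"].append(name)
        elif code == "O10":
            # HijackThis repeats the same LSP DLL once per protocol entry
            lsp.add(body.partition(": ")[2])
        elif MISSING in body:
            findings["dangling_reference"].append((code, body))
    findings["winsock_lsp"] = sorted(lsp)
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

Run against a real log, `triage(open("hijackthis.log").read())` gives the same three lists; the LSP list is deduplicated because HijackThis prints one O10 line per protocol entry for the same DLL, so four identical lines are normal and not a finding in themselves.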
#8
Additional activity carried out since logs:
D:\My Downloads\Bitlord\Temp\012.part - deleted
System restore turned off
System rebooted
System Restore turned on
Re-running Bit Defender AV, while waiting for response.
#9
BitDefender new log - All clear

BitDefender Online Scanner
Scan report generated at: Thu, Apr 10, 2008 - 12:39:45
Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;

Statistics
Time 02:14:18
Files 598372
Folders 13828
Boot Sectors 3
Archives 13828
Packed Files 33203

Results
Identified Viruses 0
Infected Files 0
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 0

Engines Info
Virus Definitions 1133089
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
No virus found.
#10
We need to stop just tossing fixes at this computer before things get worse.

Here are a few things up front that need to be addressed.

1 - Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware. I would advise you to go to Add/Remove programs and uninstall your poker programs. Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.

2 - P2P Warning! IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer. Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. I would recommend that you uninstall your P2P programs; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep P2P programs, please do not use them until your computer is cleaned.

Now let's get to the hard part and clean up this mess. The process is not instant. Absence of symptoms does not mean that everything is clear. Do NOT disable your system restore till you are instructed to do so. It is better to have a dirty restore point than none at all.

Download Combofix from the link below. You must rename it before saving it. Save it to your desktop. I suggest that you rename it to Combo-Fix.exe. The tool will suggest that name as default anyway.

>> Download ComboFix <<
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results"
* Remember to re-enable the protection again afterwards.
2. Double click on Combo-Fix.exe & follow the prompts.
* When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

Notes:
* Do not mouseclick combofix's window while it's running. That may cause it to stall
* CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please stay by the machine as it runs, and if any errors occur please try and see what they are so we can pinpoint the problem.
#11
Poker clients removed
P2P clients removed
Clean run

ComboFix 08-04-08.10 - Russ 2008-04-10 13:52:33.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.677 [GMT 1:00]
Running from: C:\Documents and Settings\Russ\Desktop\Kill Virus\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-10 13:54 . 2008-04-10 13:54 53,248 --a------ C:\temp\catchme.dll
2008-04-09 16:59 . 2008-04-10 13:54 <DIR> d-------- C:\temp
2008-04-09 16:27 . 2008-04-09 17:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com
2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 16:07 . 2008-04-09 23:55 <DIR> d-------- C:\Program Files\CleanUp!
2008-04-09 12:42 . 2008-04-09 12:42 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\Malwarebytes
2008-04-09 12:41 . 2008-04-09 12:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 12:41 . 2008-04-09 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 10:31 . 2008-04-09 12:08 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\AVG7
2008-04-09 10:31 . 2008-04-09 10:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-09 10:31 . 2008-04-09 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-09 10:31 . 2008-04-09 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-09 09:57 . 2008-04-09 09:58 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 09:21 . 2008-04-09 09:25 <DIR> d-------- C:\Program Files\Panda Security
2008-04-09 00:01 . 2008-04-09 00:01 <DIR> d-------- C:\Program Files\Advantage Analysis
2008-04-08 23:03 . 2008-04-09 04:25 <DIR> d-------- C:\Documents and Settings\Russ\.housecall6.6
2008-04-08 22:53 . 2008-04-10 10:25 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-08 21:25 . 2008-04-10 13:24 <DIR> d-------- C:\Program Files\Comodo
2008-04-08 21:25 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-04-08 21:25 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-04-08 21:25 . 2004-08-04 13:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-04-08 21:11 . 2008-04-08 21:11 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-08 00:02 . 2008-04-09 18:06 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-04-03 15:13 . 2008-04-03 15:13 <DIR> d-------- C:\Program Files\iPod
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-25 18:35 . 2008-03-25 18:35 <DIR> d-------- C:\Program Files\WordBiz
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 12:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 16:31 --------- d-----w C:\Program Files\btbb_wcm
2008-04-09 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 15:08 --------- d-----w C:\Documents and Settings\Russ\Application Data\Pro Cycling Manager 2007
2008-04-09 15:08 --------- d-----w C:\Documents and Settings\Russ\Application Data\Azureus
2008-04-06 15:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-03 18:47 --------- d-----w C:\Documents and Settings\Russ\Application Data\Kontiki
2008-04-03 14:13 --------- d-----w C:\Program Files\iTunes
2008-04-03 14:12 --------- d-----w C:\Program Files\QuickTime
2008-03-27 17:19 --------- d-----w C:\Documents and Settings\Russ\Application Data\Apple Computer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 18:38 --------- d-----w C:\Program Files\DNA
2008-03-06 15:54 --------- d-----w C:\Program Files\RVG Software
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 06:20 --------- d-----w C:\Documents and Settings\Russ\Application Data\Microgaming
2008-02-24 18:33 --------- d-----w C:\Documents and Settings\Russ\Application Data\postgresql
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 19:31 --------- d-----w C:\Program Files\Clever Age
2008-02-18 19:30 --------- d-----w C:\Program Files\MSECache
2008-02-13 15:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-12 07:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 20:52 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-21 20:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
2007-05-18 00:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Server Application for MFP Server"="C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe" [2006-08-03 16:21 290816]
"MFP Server Agent"="C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe" [2006-08-31 08:44 716800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-09 15:37 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-09 15:29 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxvts]
yayxvts.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 107e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
"btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"P17Helper"=Rundll32 P17.dll,P17Helper
"WinGuard Pro"=C:\WINDOWS\system32\wgp.exe
"btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Games\\Football Manager 2006\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Games\\Football Manager 2007\\fm.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"D:\\Games\\Vanguard\\LaunchPad.exe"=
"C:\\WINDOWS\\kdx\\KHost.exe"=
"C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys [2006-07-24 17:54]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "C:\Poker\PostgreSQL\8.3\data\" []
R3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys [2006-08-03 16:52]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-04-03 13:51:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 13:54:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scannin