Fokner

I just ran Combofix, but while it was running , i started getting some error windows. One of those windows was titled "hidec.exe", and the error was: "The instruction...0x00010067 referenced...0x0027e368. The memory could not be "written". Click OK to terminate the program" I clicked OK, and 3-4 almost similar windows followed. I clicked OK in all of them.

It's been 48 hours and no help yet. Anyone please?

Forgot to post the hijackthis log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:00:49 PM, on 8/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Dell Mobile Broadband\systray.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Print Manager Plus - Client\CheckPages.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DellTPad\Apntex.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\DellTPad\HidFind.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Privoxy\privoxy.exe C:\Program Files\Evernote\Evernote3\EvernoteTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaserver6:8080 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [PrintManagerPlusClient] "C:\Program Files\Print Manager Plus - Client\CheckPages.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.rit.edu/lib...s/ebraryRdr.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AUK.local O17 - HKLM\Software\..\Telephony: DomainName = AUK.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AUK.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AUK.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AUK.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: rbadzm - C:\WINDOWS\SYSTEM32\rbadzm.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe O24 - Desktop Component 0: (no name) - http://www.netvibes.com/ -- End of file - 7925 bytes

Hi I have done all the scans as recommended on http://www.malwarebytes.org/forums/index.php?showtopic=9573, and here are the logs from Malwarebytes and Hijackthis Thanks, mbam_log_2009_08_02__09_44_32_.txt mbam_log_2009_08_02__09_44_32_.txt

I've done three scans with Malwarebytes today as i was having some problems. The first scan found 7 threads, the second one found 1 thread , and the third one found the same threads the first scan found (even though i quarantined them in the first time)! Is there a way to remove them completely? mbam_log_2009_08_01__23_13_45_.txt mbam_log_2009_08_01__23_32_42_.txt mbam_log_2009_08_01__23_58_59_.txt mbam_log_2009_08_01__23_13_45_.txt mbam_log_2009_08_01__23_32_42_.txt mbam_log_2009_08_01__23_58_59_.txt