HJT Log
-
Hello, I have a new laptop and when I was on the internet my computer popped up 'My Computer' and showed me my files had been infected. It was a Windows-based detector (unfamiliar what detecting program it was - didn't know I had it) which then listed trojans and other things which had infected the computer. A window popped up to say I could delete the infections, so I clicked for them to be deleted. To make sure things were clear I ran full system scans. My computer/internet is running fine but I would like you to look at my scan logs and HJT log:
I used Avira, which came back with nothing except this 'warning':
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Then I scanned using Malwarebytes' Anti-Malware; this is the log file:
Malwarebytes' Anti-Malware 1.44
Database version: 3781
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
23/02/2010 23:55:26
mbam-log-2010-02-23 (23-55-26).txt
Scan type: Full Scan (C:\|)
Objects scanned: 175134
Time elapsed: 27 minute(s), 2 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 12
Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi141.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\Zwunzi\zwunzi.exe (Adware.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Zwunzi\zwunzi.dll (Adware.Zwunzi) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zwunzi (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\zwunzi service (Adware.Zwunzi) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Zwunzi (Adware.Zwunzi) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences (Adware.Zwunzi) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi141.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Zwunzi\zwunzi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Zwunzi\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C92DB56-6464-4CBF-83E6-ECFE03C1D6B4}\RP26\A0002413.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C92DB56-6464-4CBF-83E6-ECFE03C1D6B4}\RP26\A0002414.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C92DB56-6464-4CBF-83E6-ECFE03C1D6B4}\RP26\A0002420.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C92DB56-6464-4CBF-83E6-ECFE03C1D6B4}\RP26\A0002488.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Zwunzi\zwunzi.dll (Adware.Zwunzi) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js (Adware.Zwunzi) -> Quarantined and deleted successfully.
I then used Spybot.
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 01:37:27, on 24/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\Lucy\My Documents\Programs\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7387 bytes
Uninstall list:
µTorrent
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATK0100 ACPI UTILITY
Avira AntiVir Personal - Free Antivirus
Bonjour
Free Sound Recorder v8.1.1
FUJIFILM FinePixViewer S Ver.2.1
HiJackThis
Hotfix for Windows XP (KB976098-v2)
Infineon TPM Professional Package
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
K-Lite Codec Pack 5.0.0 (Full)
Macrium Reflect - Free Edition
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.1
PC Connectivity Solution
Power4 Gear
QuickTime
REALTEK PCIE NIC Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
SCRABBLE® 2005 EDITION
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinZip 14.0
Thanks for your help.
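Triage of a pasted Malwarebytes log, as an added example that is not part of this thread: it parses the 1.44 log format shown above, checks that each section's declared count matches the entries actually listed (a truncated or hand-edited paste fails this), and pulls out the two kinds of entries that need follow-up after the scan: items marked "Delete on reboot", which are still on disk until the reboot completes, and items found inside restore points, which System Restore could bring back. The sample log is a constructed excerpt with a placeholder restore-point GUID.

```python
import re

# Constructed excerpt in the Malwarebytes' Anti-Malware 1.44 log format posted
# above (same section names and item syntax, fewer entries, placeholder GUID).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3781
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\Program Files\Zwunzi\zwunzi.exe (Adware.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Zwunzi\zwunzi.dll (Adware.Zwunzi) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Zwunzi (Adware.Zwunzi) -> Delete on reboot.

Files Infected:
C:\Program Files\Zwunzi\zwunzi.dll (Adware.Zwunzi) -> Delete on reboot.
C:\Program Files\Zwunzi\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP26\A0002413.exe (Adware.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(.+ Infected): (\d+)$")        # e.g. "Files Infected: 12"
HEADER_RE = re.compile(r"^(.+ Infected):$")               # e.g. "Files Infected:" (itemised section)
ITEM_RE = re.compile(r"^(.+?) \(([^)]+)\) -> (.+?)\.?$")  # "<path> (<family>) -> <action>."


def parse_mbam_log(text):
    """Return (declared count per section, itemised entries per section)."""
    summary, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:  # summary block at the top of the log
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:  # start of an itemised section
            section = m.group(1)
            items.setdefault(section, [])
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items[section].append({"path": m.group(1), "family": m.group(2), "action": m.group(3)})
    return summary, items


def count_mismatches(summary, items):
    """Sections whose declared count disagrees with the entries actually listed."""
    found = {s: len(items.get(s, [])) for s in summary}
    return {s: (n, found[s]) for s, n in summary.items() if n != found[s]}


def pending_reboot(items):
    """Paths MBAM could only schedule for removal; they stay on disk until the reboot completes."""
    return sorted({e["path"] for sec in items.values() for e in sec if e["action"] == "Delete on reboot"})


def restore_point_hits(items):
    """Detections inside System Volume Information, i.e. infected restore points."""
    return sorted({e["path"] for sec in items.values() for e in sec
                   if "\\System Volume Information\\" in e["path"]})


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    print("pending reboot:", pending_reboot(items))
    print("restore points:", restore_point_hits(items))
```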
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with ComboFix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Hi, I downloaded and ran ComboFix. It ran the completed stages and then, when deletion was about to start, a screen came up with 'a problem has been detected' and before I could read the rest the computer crashed and restarted. So I have no log to post. Here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:09:23, on 24/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\Lucy\My Documents\Programs\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6943 bytes
-
Delete your Combofix file.
Download fresh one from HERE and try again.
I renamed the file for a reason.
-
The same thing happened again.
-
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run Combofix.
-
I downloaded and ran the Rkill tool and it ran successfully, but when I ran ComboFix it still crashed. I then tried the next Rkill tool and the same thing happened. It happened with all of them.
-
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called TDSSKiller.txt. Please copy and paste the contents of that file here.
-
Here is the TDSSKiller.txt log file:
19:23:08:125 1912 TDSS rootkit removing tool 2.2.7 Feb 25 2010 10:44:44
19:23:08:125 1912 ================================================================================
19:23:08:125 1912 SystemInfo:
19:23:08:125 1912 OS Version: 5.1.2600 ServicePack: 3.0
19:23:08:125 1912 Product type: Workstation
19:23:08:125 1912 ComputerName: USER-9FB00D57DB
19:23:08:125 1912 UserName: Lucy
19:23:08:125 1912 Windows directory: C:\WINDOWS
19:23:08:125 1912 Processor architecture: Intel x86
19:23:08:125 1912 Number of processors: 2
19:23:08:125 1912 Page size: 0x1000
19:23:08:125 1912 Boot type: Normal boot
19:23:08:125 1912 ================================================================================
19:23:08:140 1912 UnloadDriverW: NtUnloadDriver error 2
19:23:08:140 1912 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:23:08:203 1912 Initialize success
19:23:08:203 1912
19:23:08:203 1912 Scanning Services ...
19:23:08:203 1912 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:23:08:203 1912 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:23:08:203 1912 wfopen_ex: Trying to KLMD file open
19:23:08:203 1912 wfopen_ex: File opened ok (Flags 2)
19:23:08:203 1912 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:23:08:203 1912 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:23:08:203 1912 wfopen_ex: Trying to KLMD file open
19:23:08:203 1912 wfopen_ex: File opened ok (Flags 2)
19:23:08:671 1912 GetAdvancedServicesInfo: Raw services enum returned 312 services
19:23:08:687 1912 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:23:08:687 1912 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:23:08:687 1912
19:23:08:687 1912 Scanning Kernel memory ...
19:23:08:687 1912 Devices to scan: 2
19:23:08:687 1912
19:23:08:687 1912 Driver Name: Disk
19:23:08:687 1912 IRP_MJ_CREATE : F84D9BB0
19:23:08:687 1912 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
19:23:08:687 1912 IRP_MJ_CLOSE : F84D9BB0
19:23:08:687 1912 IRP_MJ_READ : F84D3D1F
19:23:08:687 1912 IRP_MJ_WRITE : F84D3D1F
19:23:08:687 1912 IRP_MJ_QUERY_INFORMATION : 804F4562
19:23:08:687 1912 IRP_MJ_SET_INFORMATION : 804F4562
19:23:08:687 1912 IRP_MJ_QUERY_EA : 804F4562
19:23:08:687 1912 IRP_MJ_SET_EA : 804F4562
19:23:08:687 1912 IRP_MJ_FLUSH_BUFFERS : F84D42E2
19:23:08:687 1912 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
19:23:08:687 1912 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
19:23:08:687 1912 IRP_MJ_DIRECTORY_CONTROL : 804F4562
19:23:08:687 1912 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
19:23:08:687 1912 IRP_MJ_DEVICE_CONTROL : F84D43BB
19:23:08:687 1912 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84D7F28
19:23:08:687 1912 IRP_MJ_SHUTDOWN : F84D42E2
19:23:08:687 1912 IRP_MJ_LOCK_CONTROL : 804F4562
19:23:08:687 1912 IRP_MJ_CLEANUP : 804F4562
19:23:08:687 1912 IRP_MJ_CREATE_MAILSLOT : 804F4562
19:23:08:687 1912 IRP_MJ_QUERY_SECURITY : 804F4562
19:23:08:687 1912 IRP_MJ_SET_SECURITY : 804F4562
19:23:08:687 1912 IRP_MJ_POWER : F84D5C82
19:23:08:687 1912 IRP_MJ_SYSTEM_CONTROL : F84DA99E
19:23:08:687 1912 IRP_MJ_DEVICE_CHANGE : 804F4562
19:23:08:687 1912 IRP_MJ_QUERY_QUOTA : 804F4562
19:23:08:687 1912 IRP_MJ_SET_QUOTA : 804F4562
19:23:08:718 1912 sion
19:23:08:734 1912 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:23:08:734 1912
19:23:08:734 1912 Driver Name: atapi
19:23:08:734 1912 IRP_MJ_CREATE : F83066F2
19:23:08:734 1912 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
19:23:08:734 1912 IRP_MJ_CLOSE : F83066F2
19:23:08:734 1912 IRP_MJ_READ : 804F4562
19:23:08:734 1912 IRP_MJ_WRITE : 804F4562
19:23:08:734 1912 IRP_MJ_QUERY_INFORMATION : 804F4562
19:23:08:734 1912 IRP_MJ_SET_INFORMATION : 804F4562
19:23:08:734 1912 IRP_MJ_QUERY_EA : 804F4562
19:23:08:734 1912 IRP_MJ_SET_EA : 804F4562
19:23:08:734 1912 IRP_MJ_FLUSH_BUFFERS : 804F4562
19:23:08:734 1912 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
19:23:08:734 1912 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
19:23:08:734 1912 IRP_MJ_DIRECTORY_CONTROL : 804F4562
19:23:08:734 1912 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
19:23:08:734 1912 IRP_MJ_DEVICE_CONTROL : F8306712
19:23:08:734 1912 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8302852
19:23:08:734 1912 IRP_MJ_SHUTDOWN : 804F4562
19:23:08:734 1912 IRP_MJ_LOCK_CONTROL : 804F4562
19:23:08:734 1912 IRP_MJ_CLEANUP : 804F4562
19:23:08:734 1912 IRP_MJ_CREATE_MAILSLOT : 804F4562
19:23:08:734 1912 IRP_MJ_QUERY_SECURITY : 804F4562
19:23:08:734 1912 IRP_MJ_SET_SECURITY : 804F4562
19:23:08:734 1912 IRP_MJ_POWER : F830673C
19:23:08:734 1912 IRP_MJ_SYSTEM_CONTROL : F830D336
19:23:08:734 1912 IRP_MJ_DEVICE_CHANGE : 804F4562
19:23:08:734 1912 IRP_MJ_QUERY_QUOTA : 804F4562
19:23:08:734 1912 IRP_MJ_SET_QUOTA : 804F4562
19:23:08:765 1912 siohd: 0
19:23:08:781 1912 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
19:23:08:781 1912
19:23:08:781 1912 Completed
19:23:08:781 1912
19:23:08:781 1912 Results:
19:23:08:781 1912 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:23:08:781 1912 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:23:08:781 1912 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:23:08:781 1912
19:23:08:781 1912 KLMD(ARK) unloaded successfully
-