
Solved: can't access any files and programs.

Discussion in 'Malware and Virus Removal Archive' started by Maroan, 2008/11/09.

  1. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    I still can't run programs without Task Manager's help.... ComboFix reported the following error:

    The requested operation cannot be performed on a file with a user-mapped section

    And here is the log:

    ComboFix 08-11-10.01 - Hugues 2008-11-17 1:04:26.13 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.595 [GMT 1:00]
    Running from: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\lgxypuzu.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\lgxypuzu.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
    .

    2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-15 23:30 . 2008-11-15 23:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-11-15 13:53 . 2008-11-15 13:53 <DIR> d-------- c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\Application Data\WinPatrol
    2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\documents and settings\Hugues1
    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-09 20:37 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-17 03:03 . 2008-10-24 21:58 1,393 --a------ c:\windows\imsins.BAK

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-16 23:16 --------- d-----w c:\program files\SPAMfighter
    2008-11-13 21:09 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Apple Computer
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-30 23:16 143,096 ----a-w c:\windows\system32\guard32.dll
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 249,592 ----a-w c:\windows\system32\cssdll32.dll
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-23 15:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2003-04-17 08:16 447,616 ----a-w c:\windows\inf\EL2K_N64.sys
    2003-04-17 08:15 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
    2003-04-17 08:15 147,200 ----a-w c:\windows\inf\EL2K_2K.sys
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-11_15.21.40.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-17 09:13:18 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-16 17:15:31 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-16 23:16:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "NVIDIA nTune "= "c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "RRT-Auto "= "c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\My Documents\RRT\RRT.exe" [2008-09-07 140288]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "PACSPTISVR "=3 (0x3)
    "MSCSPTISRV "=3 (0x3)
    "IDriverT "=3 (0x3)
    "IcVzMonLauncher "=3 (0x3)
    "Bonjour Service "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\messenger\\msmsgs.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-17 01:08:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-17 1:10:41
    ComboFix-quarantined-files.txt 2008-11-17 00:10:37
    ComboFix2.txt 2008-11-16 23:34:46
    ComboFix3.txt 2008-11-16 18:07:59
    ComboFix4.txt 2008-11-16 02:05:35
    ComboFix5.txt 2008-11-17 00:03:28

    Pre-Run: 15.119.269.888 bytes free
    Post-Run: 15,099,928,576 bytes free

    180
     
  2. 2008/11/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please tell me what happens when you attempt to run programs without using Task Manager.

    Also, I still want to see that export.
     


  4. 2008/11/17
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    I still get the same error. Sorry, but what export are we talking about?
     
  5. 2008/11/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    This one

    I'll check back this evening. :)
     
  6. 2008/11/17
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Hmm.. too tired right now to do proper work.. I have managed to install SubInACL, and I'll run its script tomorrow. It's time for bed for me!
     
  7. 2008/11/18
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    I was able to run SubInACL with the script merged in a DOS window, but it didn't give any changes...

    Now about that export...
    I'm not sure what you mean, since your link redirects me to the top of page 2!

    But this is the log of the first ComboFix script on that page...
    ComboFix 08-11-10.01 - Hugues 2008-11-18 17:38:58.14 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.642 [GMT 1:00]
    Running from: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\myrundll.exe
    c:\windows\system32\vapazefi.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
    .

    2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-15 23:30 . 2008-11-15 23:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-11-15 13:53 . 2008-11-15 13:53 <DIR> d-------- c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\Application Data\WinPatrol
    2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\documents and settings\Hugues1
    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-09 20:37 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-18 15:56 --------- d-----w c:\program files\SPAMfighter
    2008-11-13 21:09 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Apple Computer
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-30 23:16 143,096 ----a-w c:\windows\system32\guard32.dll
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 249,592 ----a-w c:\windows\system32\cssdll32.dll
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-23 15:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2003-04-17 08:16 447,616 ----a-w c:\windows\inf\EL2K_N64.sys
    2003-04-17 08:15 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
    2003-04-17 08:15 147,200 ----a-w c:\windows\inf\EL2K_2K.sys
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-11_15.21.40.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-17 09:13:18 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-18 15:21:25 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-18 15:56:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7d8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "NVIDIA nTune "= "c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "RRT-Auto "= "c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\My Documents\RRT\RRT.exe" [2008-09-07 140288]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "PACSPTISVR "=3 (0x3)
    "MSCSPTISRV "=3 (0x3)
    "IDriverT "=3 (0x3)
    "IcVzMonLauncher "=3 (0x3)
    "Bonjour Service "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\messenger\\msmsgs.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-18 17:43:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-18 17:45:51
    ComboFix-quarantined-files.txt 2008-11-18 16:45:46
    ComboFix2.txt 2008-11-17 00:10:43
    ComboFix3.txt 2008-11-16 23:34:46
    ComboFix4.txt 2008-11-16 18:07:59
    ComboFix5.txt 2008-11-18 16:38:00

    Pre-Run: 15.340.953.600 bytes free
    Post-Run: 15,322,005,504 bytes free

    175

    I'll be back with the log of the 2nd script as fast as I can!
     
  8. 2008/11/18
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Well, bad luck.... ComboFix restarted the computer, but didn't come back and wrote no logs...
     
  9. 2008/11/18
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    It succeeded after all! ComboFix keeps amazing me!
    I restarted in safe mode, and ComboFix appeared, generating the log.
    And here it is!

    ComboFix 08-11-10.01 - Hugues 2008-11-18 19:23:11.15 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.607 [GMT 1:00]
    Running from: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\rrt_is.wav
    c:\windows\system32\rrt_tn.wav
    c:\windows\system32\rrt_tv.wav
    c:\windows\system32\rrt_vf.wav
    c:\windows\Tasks\ParetoLogic Registration.job
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
    .

    2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-15 23:30 . 2008-11-15 23:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-11-15 13:53 . 2008-11-15 13:53 <DIR> d-------- c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\Application Data\WinPatrol
    2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\documents and settings\Hugues1
    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-18 21:14 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-18 18:28 --------- d-----w c:\program files\SPAMfighter
    2008-11-13 21:09 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Apple Computer
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2003-04-17 08:16 447,616 ----a-w c:\windows\inf\EL2K_N64.sys
    2003-04-17 08:15 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
    2003-04-17 08:15 147,200 ----a-w c:\windows\inf\EL2K_2K.sys
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-11_15.21.40.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-17 09:13:18 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-18 15:21:25 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "RRT-Auto"="c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\My Documents\RRT\RRT.exe" [2008-09-07 140288]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA"=2 (0x2)
    "PACSPTISVR"=3 (0x3)
    "MSCSPTISRV"=3 (0x3)
    "IDriverT"=3 (0x3)
    "IcVzMonLauncher"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "AcrSch2Svc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-18 21:50:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-18 21:56:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-18 20:56:29
    ComboFix2.txt 2008-11-18 16:45:54
    ComboFix3.txt 2008-11-17 00:10:43
    ComboFix4.txt 2008-11-16 23:34:46
    ComboFix5.txt 2008-11-18 17:26:06

    Pre-Run: 15.310.675.968 bytes free
    Post-Run: 15,287,410,688 bytes free

    172
     
  10. 2008/11/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    This is the export I was looking for.

    Please copy and paste the contents of the code box below into a command window and post the resulting text file.

    Code:
    reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot>safe.txt
    reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment">>safe.txt
    reg query HKCU\Environment>>safe.txt
    start notepad safe.txt
    exit
    cls
    
    Are you still having the same behavior?
     
  11. 2008/11/18
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Yes, still same behaviour; I use the task manager every time I have to start a program...

    Here is the export:

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell REG_SZ cmd.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
    Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\VDMSound
    windir REG_EXPAND_SZ %SystemRoot%
    OS REG_SZ Windows_NT
    PROCESSOR_ARCHITECTURE REG_SZ x86
    PROCESSOR_LEVEL REG_SZ 15
    PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_REVISION REG_SZ 0209
    NUMBER_OF_PROCESSORS REG_SZ 2
    PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
    TMP REG_EXPAND_SZ %SystemRoot%\TEMP
    FP_NO_HOST_CHECK REG_SZ NO
    CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    VDMSPath REG_EXPAND_SZ C:\Program Files\VDMSound

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Environment
    TEMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
    TMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
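As an added example (not part of the thread, and not a tool the helper used): a Python checker for an export like the one above. It parses the reg.exe 3.0 layout and applies the checks a helper makes by eye on a machine where programs only start from Task Manager: that SafeBoot\AlternateShell is still cmd.exe, that ComSpec still points at %SystemRoot%\system32\cmd.exe, that PATHEXT still lists the executable extensions, and that every Path entry lives under %SystemRoot% or Program Files. Both embedded exports are constructed: the first reproduces the values Maroan posted, the second carries two hypothetical misconfigurations so the checks have something to report.

```python
import re

# Constructed sample: the three 'reg query' outputs the helper asked for, in the
# reg.exe 3.0 export layout shown in the thread (values not checked below omitted).
SAMPLE_EXPORT = r"""! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell    REG_SZ    cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec    REG_EXPAND_SZ    %SystemRoot%\system32\cmd.exe
    Path    REG_EXPAND_SZ    %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\VDMSound
    PATHEXT    REG_SZ    .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_IDENTIFIER    REG_SZ    x86 Family 15 Model 2 Stepping 9, GenuineIntel

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Environment
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\Local Settings\Temp
"""

# Constructed counter-example with two hypothetical misconfigurations:
# ComSpec pointing at a non-default interpreter and PATHEXT lacking .EXE.
TAMPERED_EXPORT = r"""! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell    REG_SZ    cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec    REG_EXPAND_SZ    %SystemRoot%\system32\command.com
    Path    REG_EXPAND_SZ    %systemroot%\system32;%systemroot%
    PATHEXT    REG_SZ    .COM;.BAT;.CMD
"""

# A value line is 'name  REG_TYPE  data'; the forum flattened the runs of spaces
# to single spaces, so any whitespace is accepted. Assumes names contain no spaces,
# which holds for every value in the thread.
VALUE_LINE = re.compile(r"^\s*(\S+)\s+(REG_[A-Z_]+)(?:\s+(.*?))?\s*$")


def parse_reg_export(text):
    """Return {key_path: {value_name: (type, data)}} for concatenated 'reg query' output."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                                  # blank line or REG.EXE banner
        if line.upper().startswith("HKEY_"):
            current = line                            # a key header starts a new block
            entries.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = (m.group(2), m.group(3) or "")
    return entries


def values_under(entries, key_suffix):
    """Values of the first key whose path ends with key_suffix (case-insensitive)."""
    suffix = key_suffix.lower()
    for key, values in entries.items():
        if key.lower().endswith(suffix):
            return values
    return {}


def check_export(entries):
    """Apply the 'programs will not launch' checks; returns a list of findings."""
    findings = []
    shell = values_under(entries, "\\control\\safeboot").get("AlternateShell", ("", ""))[1]
    if shell.lower() != "cmd.exe":
        findings.append(f"SafeBoot AlternateShell is '{shell}', expected cmd.exe")
    env = values_under(entries, "session manager\\environment")
    comspec = env.get("ComSpec", ("", ""))[1]
    if comspec.lower() != r"%systemroot%\system32\cmd.exe":
        findings.append(f"ComSpec is '{comspec}', expected %SystemRoot%\\system32\\cmd.exe")
    pathext = env.get("PATHEXT", ("", ""))[1].upper().split(";")
    for ext in (".COM", ".EXE", ".BAT", ".CMD"):
        if ext not in pathext:
            findings.append(f"PATHEXT is missing {ext}; that file type will not launch from the shell")
    for entry in env.get("Path", ("", ""))[1].split(";"):
        low = entry.lower()
        if entry and not (low.startswith("%systemroot%") or low.startswith("c:\\program files")):
            findings.append(f"Path contains non-standard entry '{entry}' (review)")
    return findings


if __name__ == "__main__":
    for label, export in (("thread export", SAMPLE_EXPORT), ("tampered export", TAMPERED_EXPORT)):
        print(label, "->", check_export(parse_reg_export(export)) or "no findings")
```

On a saved safe.txt the call is `check_export(parse_reg_export(open("safe.txt").read()))`; the thread's own export produces no findings, which is the same conclusion the helper reached by eye in the next post.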
     
  12. 2008/11/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Export looks fine. Bear with me here on this next request ......

    Please uninstall Comodo, via Admin safe mode if necessary. Let me know if there's any change after reboot.
     
  13. 2008/11/18
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    WOW!! Everything is back to normal!
     
  14. 2008/11/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's Great! :D

    Do you happen to know what version of Comodo you had?

    Let's get an online scan to be sure there are no other infections present too.
    Please do an online scan with Kaspersky Online Scanner

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
  15. 2008/11/18
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Yes, it's great! :-D It was the latest version, the one before they released the new version with the integrated antivir upgrade...
     
  16. 2008/11/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Might want to test out the latest, and head over to their forums to post a bug report. ;)
     
  17. 2008/11/19
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Well now you know what it is about!
    Ok, here's the Kaspersky log, and there is some dirt... :-(

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, November 19, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, November 18, 2008 20:05:17
    Records in database: 1392277
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 176497
    Threat name: 9
    Infected objects: 12
    Suspicious objects: 1
    Duration of the scan: 04:21:20


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users.WINDOWS\Application Data\rexalupi\rclmfkdm.exe Infected: Trojan.Win32.Obfuscated.gx 1
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\Local Settings\Application Data\Identities\{4F8AD96B-1B18-4968-98A1-7A9E5C4C5E7A}\Microsoft\Outlook Express\Sent Items.dbx Infected: not-a-virus:pSWTool.Win32.ProductKey.h 1
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\ca_setup.exe Infected: not-a-virus:pSWTool.Win32.Cain.284 1
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\My Received Files\SK60_demo.exe Infected: not-a-virus:Monitor.Win32.SaveKeys.60 3
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\PUBLIC\Rescue\DDR\MemMen.dll Infected: Backdoor.Win32.Agent.psv 1
    C:\Documents and Settings\Hugues.HHD-PCLH3ES1FZI\Local Settings\Application Data\Identities\{C4DC6B36-9B09-42A9-9ABD-B39ACA9B92F5}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
    C:\Documents and Settings\Hugues.HHD-PCLH3ES1FZI\Local Settings\Application Data\Identities\{C4DC6B36-9B09-42A9-9ABD-B39ACA9B92F5}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Klez.k 1
    C:\Documents and Settings\Hugues.HHD-PCLH3ES1FZI\Local Settings\Application Data\Identities\{C4DC6B36-9B09-42A9-9ABD-B39ACA9B92F5}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Klez.h 1
    C:\Documents and Settings\Hugues.HUGUES-0MHLA59D\Local Settings\Application Data\Identities\{ABFFFEC1-F91F-40EE-9E3D-3E3B928EF0A3}\Microsoft\Outlook Express\Sent Items.dbx Infected: EICAR-Test-File 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\lgxypuzu.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\vapazefi.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

    The selected area was scanned.
     
  18. 2008/11/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Were you aware of this keylogger?

    SK60_demo.exe
     
  19. 2008/11/20
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Hmmm... no!
     
  20. 2008/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's get you cleaned up.

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/78566-active-cant-access-any-files-programs-3.html
    
    Collect::
    C:\QooBox\Quarantine\C\WINDOWS\system32\lgxypuzu.exe.vir
    C:\QooBox\Quarantine\C\WINDOWS\system32\vapazefi.exe.vir
    C:\QooBox\Quarantine\C\windows\system32\myrundll.exe.vir
    File::
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\PUBLIC\Rescue\DDR\MemMen.dll
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\ca_setup.exe
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\My Received Files\SK60_demo.exe
    Folder::
    C:\Documents and Settings\All Users.WINDOWS\Application Data\rexalupi
    Extra::
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!


    Kaspersky also detected at least 1 infected email in your Outlook Express Inbox, and 1 in the Sent folder. Unfortunately, it didn't identify which ones. Suggest some careful examination of their contents and removing anything remotely suspicious.

    Let me know how the computer is behaving when you post back with the ComboFix log.
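As an added example, not part of the thread and not ComboFix's own tooling: a Python script that turns a Kaspersky report like the one Maroan posted into the CFScript sections the helper wrote by hand above. The grouping mirrors that post: paths already under C:\QooBox\Quarantine\ go to Collect:: (they are ComboFix's quarantined copies, wanted only for submission), Outlook Express mail stores (.dbx) are listed for manual review because the infected message, not the whole mailbox, is what should go, and everything else goes to File::. Putting the rexalupi directory under Folder:: was the helper's judgment, so the script takes that as an explicit folder_overrides argument; the rule that sets aside EICAR-Test-File hits (the standard antivirus test string, not malware) is mine. The sample report is constructed from the detection lines on this page.

```python
import re

THREAD_URL = "http://www.windowsbbs.com/malware-virus-removal/78566-active-cant-access-any-files-programs-3.html"
REXALUPI_DIR = r"C:\Documents and Settings\All Users.WINDOWS\Application Data\rexalupi"
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"   # ComboFix's own quarantine tree

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report posted
# in the thread: one line per detection, 'path Infected|Suspicious: threat count'.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\Documents and Settings\All Users.WINDOWS\Application Data\rexalupi\rclmfkdm.exe Infected: Trojan.Win32.Obfuscated.gx 1
C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\My Received Files\SK60_demo.exe Infected: not-a-virus:Monitor.Win32.SaveKeys.60 3
C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\PUBLIC\Rescue\DDR\MemMen.dll Infected: Backdoor.Win32.Agent.psv 1
C:\Documents and Settings\Hugues.HHD-PCLH3ES1FZI\Local Settings\Application Data\Identities\{C4DC6B36-9B09-42A9-9ABD-B39ACA9B92F5}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Hugues.HUGUES-0MHLA59D\Local Settings\Application Data\Identities\{ABFFFEC1-F91F-40EE-9E3D-3E3B928EF0A3}\Microsoft\Outlook Express\Sent Items.dbx Infected: EICAR-Test-File 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lgxypuzu.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

The selected area was scanned.
"""

# The path may contain spaces, so it is matched lazily up to the status word.
REPORT_LINE = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return one dict per detection line; header, footer and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = REPORT_LINE.match(line.strip())
        if m:
            hits.append({"path": m.group("path"), "status": m.group("status"),
                         "threat": m.group("threat"), "count": int(m.group("count"))})
    return hits


def triage(hits, folder_overrides=()):
    """Sort detections into CFScript sections plus two buckets that need a human."""
    overrides = {d.lower().rstrip("\\") for d in folder_overrides}
    groups = {"Collect": [], "File": [], "Folder": [], "Manual": [], "Ignore": []}
    for hit in hits:
        path = hit["path"]
        low = path.lower()
        parent = path.rsplit("\\", 1)[0]
        if hit["threat"] == "EICAR-Test-File":
            groups["Ignore"].append(path)        # the standard AV test string, not malware
        elif low.startswith(QUARANTINE_PREFIX):
            groups["Collect"].append(path)       # already quarantined: submit the sample, do not re-delete
        elif low.endswith(".dbx"):
            groups["Manual"].append(path)        # Outlook Express mail store: remove the message, not the file
        elif parent.lower() in overrides:
            if parent not in groups["Folder"]:   # whole directory chosen by the analyst
                groups["Folder"].append(parent)
        else:
            groups["File"].append(path)
    return groups


def render_cfscript(groups, thread_url):
    """Emit the script in the layout used in the thread: URL first, then the sections."""
    lines = [thread_url, ""]
    for section in ("Collect", "File", "Folder"):
        if groups[section]:
            lines.append(section + "::")
            lines.extend(groups[section])
    return "\n".join(lines) + "\n"


def build_cfscript(report_text, folder_overrides=(), thread_url=THREAD_URL):
    """Report text in, CFScript text out (the manual and ignored buckets are not emitted)."""
    return render_cfscript(triage(parse_report(report_text), folder_overrides), thread_url)


if __name__ == "__main__":
    groups = triage(parse_report(SAMPLE_REPORT), [REXALUPI_DIR])
    print(render_cfscript(groups, THREAD_URL))
    for path in groups["Manual"]:
        print("needs manual review:", path)
```

Run against the sample, the script reproduces the Collect::, File:: and Folder:: lines of the helper's CFScript and prints the Inbox.dbx path as needing manual review, which is what the helper asked for in prose; vapazefi.exe.vir and myrundll.exe.vir are absent only because they were not in this Kaspersky report.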
     
  21. 2008/11/21
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    ComboFix has done its job, and the zip file has been successfully submitted.

    Here is the log:

    ComboFix 08-11-20.02 - Hugues 2008-11-21 17:50:27.16 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.642 [GMT 1:00]
    Running from: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\My Documents\ca_setup.exe
    c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\My Documents\My Received Files\SK60_demo.exe
    c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\My Documents\PUBLIC\Rescue\DDR\MemMen.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.WINDOWS\Application Data\rexalupi
    c:\documents and settings\All Users.WINDOWS\Application Data\rexalupi\rclmfkdm.exe
    c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\My Documents\ca_setup.exe
    c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\My Documents\My Received Files\SK60_demo.exe
    c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\My Documents\PUBLIC\Rescue\DDR\MemMen.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
    .

    2008-11-19 21:16 . 2008-11-19 21:26 <DIR> d-------- c:\program files\CD-Cover Editor
    2008-11-18 23:44 . 2008-11-18 23:44 16,244 --a------ c:\windows\system32\rrt_is.wav
    2008-11-18 23:44 . 2008-11-18 23:44 7,302 --a------ c:\windows\system32\rrt_vf.wav
    2008-11-18 23:44 . 2008-11-18 23:44 7,148 --a------ c:\windows\system32\rrt_tv.wav
    2008-11-18 23:44 . 2008-11-18 23:44 6,282 --a------ c:\windows\system32\rrt_tn.wav
    2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-15 23:30 . 2008-11-15 23:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-11-15 13:53 . 2008-11-15 13:53 <DIR> d-------- c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\Application Data\WinPatrol
    2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\documents and settings\Hugues1
    2008-11-13 19:16 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 19:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 15:07 . 2008-11-21 17:48 3,051,274 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-18 21:14 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-21 16:38 --------- d-----w c:\program files\SPAMfighter
    2008-11-18 22:42 --------- d-----w c:\program files\COMODO
    2008-11-18 22:42 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-11-18 22:40 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-11-13 21:09 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Apple Computer
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:21 249,592 ----a-w c:\windows\system32\cssdll32.dll
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-23 15:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2003-04-17 08:16 447,616 ----a-w c:\windows\inf\EL2K_N64.sys
    2003-04-17 08:15 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
    2003-04-17 08:15 147,200 ----a-w c:\windows\inf\EL2K_2K.sys
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-11_15.21.40.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
    + 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    - 2008-10-17 01:59:23 38,240 ----a-r c:\windows\Installer\{90120000-0020-0406-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2008-11-19 16:12:10 38,240 ----a-r c:\windows\Installer\{90120000-0020-0406-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 -c--a-w c:\windows\system32\dllcache\msxml6.dll
    - 2008-10-17 09:13:18 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-18 15:21:25 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
    + 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
    - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-11-21 16:37:21 16,384 ----atw c:\windows\temp\Perflib_Perfdata_714.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA"=2 (0x2)
    "PACSPTISVR"=3 (0x3)
    "MSCSPTISRV"=3 (0x3)
    "IDriverT"=3 (0x3)
    "IcVzMonLauncher"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "AcrSch2Svc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-03 97928]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-03 76040]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-09-22 184968]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-05-18 4224]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2008-04-13 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2008-04-13 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-16 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-16 513152]
    S4 hpt3xx;hpt3xx; []
    S4 IcVzMonLauncher;IcVzMonLauncher;"c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2008-04-13 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Mozilla\Firefox\Profiles\2cf964vi.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-21 17:55:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-21 17:56:48
    ComboFix-quarantined-files.txt 2008-11-21 16:56:45
    ComboFix2.txt 2008-11-18 16:45:54
    ComboFix3.txt 2008-11-17 00:10:43
    ComboFix4.txt 2008-11-16 23:34:46
    ComboFix5.txt 2008-11-18 17:26:06

    Pre-Run: 14.793.318.400 bytes free
    Post-Run: 14,995,042,304 bytes free

    215 --- E O F --- 2008-11-19 16:14:55


    I think all is working fine, except my connection: it feels a bit slow... Well, might be my connection, I'm not sure...
     
