
Solved: Can't access any files and programs.

Discussion in 'Malware and Virus Removal Archive' started by Maroan, 2008/11/09.

  1. 2008/11/09
    Maroan (Thread Starter)
    [Resolved] Can't access any files and programs.

    Hello all!

    I'm French, so I'll try to express myself as best as I can!

    "you may not have the appropriate permissions to access the items"

    My daughter downloaded and ran a file she thought was clean, and since then I haven't been able to start any programs from my desktop. Every time I click on an icon I get the message above... :( I have tried to clean up with ComboFix in safe mode, but it runs in reduced mode (?? - never seen that before!). HijackThis doesn't really capture any good information in safe mode, because I think the infection is not triggered at that point...
    I use WinXP Pro with SP3 installed.

    I'm aware that the Windows message is due to an infection, but I just can't find it, especially when I'm unable to open any programs in normal mode.
    I use AVG 8 and Comodo Firewall, but they don't start either.
    Any idea about what to do, or a link to a good solution, will be highly appreciated! I hope I described my problem properly; if not, just write me back, and I'll do my very best to be more understandable! :D
     
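A first pass over a HijackThis log can be scripted. The block below is an added example, not code from this thread or from HijackThis: it parses O2/O4/O20/O23 lines and flags the entries a helper would want to look at first (add-ons whose file is gone, Run entries given as a bare filename, AppInit DLLs, services whose binary lives in a Temp or profile folder, services with no recorded publisher). The sample lines are constructed in the format of the log posted later in the thread, with the user name replaced by a placeholder; a flag means "review this", not "this is malware".

```python
import re

# Folders in which a Windows service or autorun binary does not normally live.
# A match means "look at this entry first", not "this is malware".
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                         "\\application data\\", "\\docume~1\\")

# A HijackThis entry starts with its section code (O2, O4, O23, R0, ...).
ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$")

# Constructed sample in HijackThis v2 format, modelled on the thread's log
# (user profile folder replaced by the placeholder OWNER~1). Example input only.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: E - Sysinternals - www.sysinternals.com - C:\DOCUME~1\OWNER~1\LOCALS~1\Temp\E.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


def parse_entry(line):
    """Split one log line into (section, body); None for headers and process lists."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def _o4_program(body):
    """O4 bodies look like 'HKLM\\..\\Run: [Name] "C:\\x.exe" -arg'; return the program."""
    m = re.search(r"\]\s*(.*)$", body)
    command = m.group(1).strip() if m else ""
    quoted = re.match(r'"([^"]+)"', command)
    return quoted.group(1) if quoted else command.split(" ", 1)[0]


def triage_line(line):
    """Return [(reason, line), ...] for one entry; an empty list means nothing to flag."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    findings = []
    if section in ("O2", "O3") and ("(no file)" in body or "(file missing)" in body):
        findings.append(("browser add-on registered but its file is gone (orphan)", line))
    elif section == "O4":
        program = _o4_program(body)
        if program and "\\" not in program:
            # A bare name is located through the search path, so confirm which file really runs.
            findings.append(("Run entry is a bare filename resolved via the search path; verify which file runs", line))
        elif _in_user_writable(program):
            findings.append(("autorun launched from a temp/profile folder", line))
    elif section == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        findings.append(("AppInit_DLLs loads into every user32 process: " + ", ".join(dlls), line))
    elif section == "O23":
        # The service binary is the last " - " separated field of an O23 line.
        program = body.rsplit(" - ", 1)[-1].strip()
        if "unknown owner" in body.lower():
            findings.append(("service has no recorded publisher", line))
        if _in_user_writable(program):
            findings.append(("service binary lives in a temp/profile folder", line))
    return findings


def triage_log(text):
    """Run triage_line over a whole log and return every finding in log order."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_log(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```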
  2. 2008/11/09
    dobhar (Lifetime Subscription)
    Please ignore...I missed that you posted in the correct forum. Sorry for my error.
     
    Last edited: 2008/11/09


  4. 2008/11/09
    noahdfear
    It sure sounds like your account has been set as a limited user account. ComboFix will run only in Reduced Functionality mode when the account has Limited permissions. Are there any other accounts on the machine? I ask because by default there must be at least one account (other than the Administrator account) with administrative rights.
     
  5. 2008/11/09
    Maroan (Thread Starter)
    Can't access any files or programs in normal mode

    Hello all!

    I'm French, so I'll try to express myself as best as I can!

    "you may not have the appropriate permissions to access the items"

    My daughter downloaded and ran a file she thought was clean, and since then I haven't been able to start any programs from my desktop. Every time I click on an icon I get the message above... I have tried to clean up with ComboFix in safe mode, but it runs in reduced mode (?? - never seen that before!). HijackThis doesn't really capture any good information in safe mode, because I think the infection is not triggered at that point...
    I use WinXP Pro with SP3 installed.

    I'm aware that the Windows message is due to an infection, but I just can't find it, especially when I'm unable to open any programs in normal mode.
    I use AVG 8 and Comodo Firewall, but they don't start either.
    Any idea about what to do, or a link to a good solution, will be highly appreciated! I hope I described my problem properly; if not, just write me back, and I'll do my very best to be more understandable!

    P.S.: I obviously posted this thread in the wrong category the first time; now it should be right...

    Here are the logs:

    info.txt logfile of random's system information tool 1.04 2008-11-09 20:37:28

    ======Uninstall list======

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ace Utilities--> "C:\Program Files\Ace Utilities\uninstall.exe "
    Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
    Active@ File Recovery 7.3--> "C:\Program Files\Active Data Recovery Services\Active File Recovery\UNWISE.EXE" "C:\Program Files\Active Data Recovery Services\Active File Recovery\INSTALL.LOG "
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 7.1.0 - Dansk-->MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A71000000002}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    Audacity 1.3.0--> "C:\Program Files\Audacity 1.3 Beta\unins000.exe "
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
    COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
    COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0406-0000-0000000FF1CE}
    Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
    Creative Audio Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
    Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative ZEN V Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9D879B-0F98-4059-85A5-D05718A1D6F7}\SETUP.EXE" -l0x9 /remove
    Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    EasyRecovery Professional Trial-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93} /l1033
    Exact Audio Copy 0.99pb4-->C:\Program Files\Exact Audio Copy\uninst.exe
    FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    Free Internet TV v7.0--> "C:\Program Files\Free Internet TV\unins000.exe "
    FW LiveUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11F5D779-7BD9-465A-BBC4-10701386BCB9}\setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2--> "C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\My Documents\My Games\hugues\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    Hotmail & MSN Password Recovery-->C:\PROGRA~1\HOTMAI~1\UNWISE.EXE C:\PROGRA~1\HOTMAI~1\INSTALL.LOG
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    Image Converter 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}\setup.exe" -l0x9 /CONPANE -removeonly
    iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Magic DVD Ripper V5.3 build 4--> "C:\Program Files\MagicDVDRipper\unins000.exe "
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office 2000 cd 2-->MsiExec.exe /I{00040406-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 Professional-->MsiExec.exe /I{00010406-78E1-11D2-B60F-006097C998E7}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Moyea FLV Player version 1.5.2.7--> "C:\Program Files\Moyea\FLV Player\unins000.exe "
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Native Instruments Kore Player-->C:\PROGRA~1\NATIVE~1\KOREPL~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KOREPL~1\INSTALL.LOG
    Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
    Nero Fast CD-Burning Plug-in-->C:\WINDOWS\UnWMPBurn.exe /UNINSTALL
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=" "
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
    oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
    OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
    OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
    PDF Manual NW-A800 Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}\setup.exe" -l0x9 UNINSTALL -removeonly
    PE Builder 3.1.10a--> "c:\pebuilder3110a\unins000.exe "
    PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
    Power Data Recovery 4.1.1--> "C:\Program Files\PowerDataRecovery\unins000.exe "
    PowerQuest PartitionMagic 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
    Protected Music Converter 1.0.0.7--> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe "
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Repair 2.4--> "C:\Program Files\Registry Repair\unins000.exe "
    RivaTuner v2.01--> "C:\Program Files\RivaTuner v2.01\uninstall.exe "
    Security Update for Windows Internet Explorer 7 (KB938127-v2)--> "C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950759)--> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953838)--> "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
    Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly /nos
    SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
    SPAMfighter--> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
    SpeedConnect XP Internet Accelerator 6.5--> "C:\Program Files\CBS Software\SpeedConnect XP Internet Accelerator\unins000.exe "
    SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    There--> "C:\Program Files\There\ThereClientUninst.exe "
    Throttle--> "C:\Program Files\Throttle\unins000.exe "
    Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
    Tribler (remove only)-->C:\Program Files\Tribler\Uninstall.exe
    Tron 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Buena Vista Interactive\Tron 2.0\Setup.exe" -l0x9
    TUR Video-->MsiExec.exe /I{B149198F-5CEC-44F2-8432-56BF3CDF93B4}
    TVUPlayer 2.3.5.4-->C:\Program Files\TVUPlayer\uninst.exe
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    Utherverse 3D Client--> "C:\Documents and Settings\All Users.WINDOWS\Application Data\{7E2D9215-960D-47E7-B270-973EA88F37ED}\UtherverseSetup.exe" REMOVE=TRUE MODIFY=FALSE
    Utherverse 3D Client-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7E2D9215-960D-47E7-B270-973EA88F37ED}\UtherverseSetup.exe
    VDMSound-->C:\Program Files\VDMSound\uninst.exe
    Video Downloader-->C:\Program Files\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
    WALKMAN Launcher-->C:\Program Files\InstallShield Installation Information\{C20B3C31-28CD-4732-AE45-A30F401AF91F}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
    WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    Winmail Opener 1.3-->C:\Program Files\Winmail Opener\uninst.exe
    WinPatrol 2007-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
    WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xbox 360 Controller for Windows--> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe "
    ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

    =====HijackThis Backups=====

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    ======Security center information======

    AV: AVG Anti-Virus Free
    FW: COMODO Firewall

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\VDMSound
    "windir "=%SystemRoot%
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION "=0209
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK "=NO
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "VDMSPath "=C:\Program Files\VDMSound
    "SAFEBOOT_OPTION "=NETWORK

    -----------------EOF-----------------

    Second log: HijackThis

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Hugues at 2008-11-09 20:37:20
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 11 GB (9%) free of 117 GB
    Total RAM: 1023 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:37:25, on 09-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\Desktop\RSIT.exe
    C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\Desktop\Spywarefri\Hugues.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdconline.dk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: E - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HUGUES~1.H-V\LOCALS~1\Temp\E.exe
    O23 - Service: HWV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HUGUES~1.H-V\LOCALS~1\Temp\HWV.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 6882 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\ParetoLogic Registration.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
    "nwiz"=nwiz.exe /install []
    "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-01-24 316728]
    "CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
    "CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-29 1234712]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
    "SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2008-09-22 324232]
    "COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-09-28 278264]
    "COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-10-31 1797880]
    "COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-10-31 1797880]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA"=2
    "PACSPTISVR"=3
    "MSCSPTISRV"=3
    "IDriverT"=3
    "IcVzMonLauncher"=3
    "Bonjour Service"=2
    "AcrSch2Svc"=2

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    Adobe Reader Hurtigstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\messenger\msmsgs.exe"="C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3e8e338-0747-11dd-b614-000c6e411f09}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    ======List of files/folders created in the last 1 months======

    2008-11-09 20:37:20 ----D---- C:\rsit
    2008-11-09 18:30:05 ----D---- C:\Program Files\Ace Utilities
    2008-11-09 17:42:50 ----D---- C:\ComboFix
    2008-11-09 16:28:52 ----SHD---- C:\RECYCLER
    2008-11-09 12:38:30 ----D---- C:\WINDOWS\temp
    2008-11-09 12:38:28 ----A---- C:\ComboFix.txt
    2008-11-09 12:28:08 ----A---- C:\WINDOWS\system32\rundll32.exe
    2008-11-09 11:23:15 ----A---- C:\WINDOWS\system32\myrundll.exe
    2008-11-08 23:03:57 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-28 17:46:58 ----HD---- C:\WINDOWS\system32\GroupPolicy
    2008-10-28 00:43:34 ----D---- C:\Program Files\qfewbaf
    2008-10-28 00:43:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\zmtcpyhu
    2008-10-28 00:43:22 ----A---- C:\WINDOWS\system32\vapazefi.exe
    2008-10-24 21:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-17 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-17 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-17 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-17 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-17 03:03:00 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-17 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    ======List of files/folders modified in the last 1 months======

    2008-11-09 18:42:24 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-09 18:40:24 ----D---- C:\Program Files\SPAMfighter
    2008-11-09 18:30:05 ----RAD---- C:\Program Files
    2008-11-09 17:50:25 ----D---- C:\WINDOWS\Prefetch
    2008-11-09 17:48:42 ----D---- C:\Documents and Settings
    2008-11-09 17:44:07 ----D---- C:\WINDOWS\security
    2008-11-09 17:43:36 ----D---- C:\WINDOWS
    2008-11-09 17:43:31 ----D---- C:\WINDOWS\system32
    2008-11-09 17:42:50 ----D---- C:\QooBox
    2008-11-09 17:28:35 ----D---- C:\WINDOWS\Help
    2008-11-09 12:37:39 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-09 12:34:19 ----N---- C:\WINDOWS\system.ini
    2008-11-08 23:02:36 ----A---- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-20021102}.BAK
    2008-11-06 21:03:20 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-02 22:44:18 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-31 21:05:56 ----HD---- C:\$AVG8.VAULT$
    2008-10-31 00:16:57 ----A---- C:\WINDOWS\system32\guard32.dll
    2008-10-28 21:37:06 ----D---- C:\WINDOWS\system32\drivers
    2008-10-28 20:52:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-26 10:26:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-24 21:58:48 ----HD---- C:\WINDOWS\inf
    2008-10-24 21:58:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-24 21:57:43 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-18 10:52:06 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-17 03:03:51 ----D---- C:\Program Files\Internet Explorer
    2008-10-17 03:03:35 ----D---- C:\WINDOWS\ie7updates
    2008-10-17 02:59:30 ----D---- C:\WINDOWS\Debug
    2008-10-17 02:59:23 ----SHD---- C:\WINDOWS\Installer
    2008-10-17 02:59:23 ----SHD---- C:\Config.Msi
    2008-10-15 17:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-12 02:46:26 ----D---- C:\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2003-04-17 147328]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    S1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
    S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
    S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    S2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
    S2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-10-25 44384]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
    S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
    S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
    S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
    S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
    S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
    S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-01-21 55552]
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-01-21 69376]
    S3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
    S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
    S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
    S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
    S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.01\RivaTuner32.sys []
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2006-06-01 509440]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-10-31 614136]
    S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
    S2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-04-04 126976]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
    S2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 E;E; C:\DOCUME~1\HUGUES~1.H-V\LOCALS~1\Temp\E.exe [2008-11-09 371584]
    S3 HWV;HWV; C:\DOCUME~1\HUGUES~1.H-V\LOCALS~1\Temp\HWV.exe [2008-11-09 392064]
    S3 ICScsiSV;Image Converter SCSI Service; C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 iPod Service;iPod-tjeneste; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
    S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-09-14 427288]
    S4 Bonjour Service;Bonjour-tjeneste; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    S4 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-03-01 69632]
    S4 IcVzMonLauncher;IcVzMonLauncher; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S4 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
    S4 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
    S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-06-28 66872]
    S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]

    -----------------EOF-----------------

    I would like to point out one more time that these logs are created in safe mode; I'm unable to start ANY programs in normal mode...
    Thanks for your help!
     
  6. 2008/11/10
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    There are in fact 2 more accounts, so all in all 3: Administrator, mine and Guest. I have tried to activate the Guest account, but so far with the same result... :-(
     
  7. 2008/11/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please make sure you have a fresh copy of ComboFix.
    Place it directly in Local Disk C:
    Reboot and go to safe mode by tapping the F8 key upon startup to enable the Advanced Start Menu, then select Safe Mode.
    Log on to the Administrator account, then run ComboFix.
    When ComboFix restarts the machine, again use F8 and go back to the Administrator account in safe mode. << Make sure to do this!
    ComboFix should continue to run and will produce a log when it completes.
    The log will be located at C:\ComboFix.txt
    Post the contents of that log after restarting and logging on normally.
    Let me know if there's any improvement.
     
  8. 2008/11/11
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    First of all, thank you so much for your help! I have downloaded the latest ComboFix, and this time it worked. Restarting in normal mode still results in the same error: I can't access any of my icons or programs.

    Here is the log:

    ComboFix 08-11-10.01 - Administrator 2008-11-11 15:12:18.4 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.809 [GMT 1:00]
    Running from: C:\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_E
    -------\Service_E


    ((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
    .

    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-09 20:37 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-11-09 11:23 . 2008-04-14 01:12 33,280 --a------ c:\windows\system32\myrundll.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-28 00:43 . 2008-10-28 21:37 <DIR> d-------- c:\program files\qfewbaf
    2008-10-28 00:43 . 2008-10-28 17:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\zmtcpyhu
    2008-10-28 00:43 . 2008-10-28 00:43 77,824 --a------ c:\windows\system32\vapazefi.exe
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-17 03:03 . 2008-10-17 03:04 1,393 --a------ c:\windows\imsins.BAK
    2008-10-16 09:42 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-16 09:42 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 09:42 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 09:42 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-09 17:40 --------- d-----w c:\program files\SPAMfighter
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-21 15:12 --------- d-----w c:\program files\cfexzjc
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-24 316728]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA"=2 (0x2)
    "PACSPTISVR"=3 (0x3)
    "MSCSPTISRV"=3 (0x3)
    "IDriverT"=3 (0x3)
    "IcVzMonLauncher"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "AcrSch2Svc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S3 HWV;HWV;c:\docume~1\HUGUES~1.H-V\LOCALS~1\Temp\HWV.exe [ ]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2008-10-07 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2004-08-04 00:56]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 15:17:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-11 15:22:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-11 14:22:09
    ComboFix2.txt 2008-11-09 11:38:28
    ComboFix3.txt 2008-08-29 01:19:20
    ComboFix4.txt 2008-07-03 19:38:01

    Pre-Run: 11,245,969,408 bytes free
    Post-Run: 11,244,433,408 bytes free

    169
     
  9. 2008/11/11
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    It seems that my last post doesn't appear here... I'll try one more time..

    Admin: you received a message that the post required approval

    Sorry! I won't make that mistake again! :-(
    -Maroan
     
    Last edited: 2008/11/11
  10. 2008/11/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please open C:\Qoobox and post each of the ComboFix.txt files there, each in its own post to this topic. I need to see what has been removed thus far.

    After you've posted those logs, see if ComboFix will run from your account now. Try in safe mode on your account too, if necessary. If successful, post the new log, otherwise just let me know.
     
  11. 2008/11/12
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Ok...

    Combofix quarantined files

    2002-02-01 18:00:00 A------- 676,352 C:\Qoobox\Quarantine\C\WINDOWS\system32\RTL60.BPL.vir
    2003-02-23 16:48:24 AC------ 2,703 C:\Qoobox\Quarantine\C\Documents and Settings\Hugues.HHD-PCLH3ES1FZI\Cookies\hugues@www.ftu.uvm[1].txt.vir
    2006-02-11 13:16:57 AC------ 0 C:\Qoobox\Quarantine\C\Documents and Settings\Hugues.HUGUES-0MHLA59D\Application Data\Install.dat.vir
    2006-08-11 13:57:04 A------- 81,920 C:\Qoobox\Quarantine\C\WINDOWS\system32\ctcoinst.dll.vir
    2008-04-14 21:28:46 A------- 73 C:\Qoobox\Quarantine\C\WINDOWS\system32\ssprs.dll.vir
    2008-04-14 21:28:46 A------- 205 C:\Qoobox\Quarantine\C\WINDOWS\system32\lsprst7.dll.vir
    2008-07-02 16:55:35 A------- 13,261 C:\Qoobox\Quarantine\C\WINDOWS\system32\lUxaGfii.ini.vir
    2008-07-02 16:55:39 A------- 13,032 C:\Qoobox\Quarantine\C\WINDOWS\system32\lUxaGfii.ini2.vir
    2008-07-03 20:03:47 A------- 1,054 C:\Qoobox\Quarantine\Registry_backups\Legacy_CLBDRIVER.reg.dat
    2008-07-03 20:08:22 A------- 278 C:\Qoobox\Quarantine\catchme.log
    2008-08-12 16:35:14 A------- 89 C:\Qoobox\Quarantine\C\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol.vir
    2008-08-12 16:35:14 A------- 696 C:\Qoobox\Quarantine\C\Documents and Settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Macromedia\Flash Player\#SharedObjects\MGX8RAEY\bin.clearspring.com\clearspring.sol.vir
    2008-08-29 02:08:48 A------- 7,915 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2008-08-29 02:18:46 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
    2008-08-29 02:18:46 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
    2008-08-29 02:18:46 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
    2008-11-11 15:14:22 A------- 750 C:\Qoobox\Quarantine\Registry_backups\Legacy_E.reg.dat
    2008-11-11 15:14:22 A------- 2,588 C:\Qoobox\Quarantine\Registry_backups\Service_E.reg.dat
     
  12. 2008/11/12
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    ComboFix2

    ComboFix 08-11-10.01 - Administrator 2008-11-11 15:12:18.4 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.809 [GMT 1:00]
    Running from: C:\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_E
    -------\Service_E


    ((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
    .

    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-09 20:37 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-11-09 11:23 . 2008-04-14 01:12 33,280 --a------ c:\windows\system32\myrundll.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-28 00:43 . 2008-10-28 21:37 <DIR> d-------- c:\program files\qfewbaf
    2008-10-28 00:43 . 2008-10-28 17:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\zmtcpyhu
    2008-10-28 00:43 . 2008-10-28 00:43 77,824 --a------ c:\windows\system32\vapazefi.exe
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-17 03:03 . 2008-10-17 03:04 1,393 --a------ c:\windows\imsins.BAK
    2008-10-16 09:42 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-16 09:42 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 09:42 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 09:42 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-09 17:40 --------- d-----w c:\program files\SPAMfighter
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-21 15:12 --------- d-----w c:\program files\cfexzjc
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-24 316728]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "PACSPTISVR "=3 (0x3)
    "MSCSPTISRV "=3 (0x3)
    "IDriverT "=3 (0x3)
    "IcVzMonLauncher "=3 (0x3)
    "Bonjour Service "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\messenger\\msmsgs.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=

    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S3 HWV;HWV;c:\docume~1\HUGUES~1.H-V\LOCALS~1\Temp\HWV.exe [ ]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2008-10-07 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2004-08-04 00:56]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 15:17:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-11 15:22:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-11 14:22:09
    ComboFix2.txt 2008-11-09 11:38:28
    ComboFix3.txt 2008-08-29 01:19:20
    ComboFix4.txt 2008-07-03 19:38:01

    Pre-Run: 11,245,969,408 bytes free
    Post-Run: 11,244,433,408 bytes free

    169
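The log above lists the files created in the last month and the service/driver table. As an added example (not ComboFix's code and not anything the helper posted), this Python script parses those two line formats and applies the checks a helper makes by eye: binaries created in system32 outside dllcache, older files copied in under a new name (creation date far newer than the modification date), new top-level program or data directories, and services whose binary sits in a Temp folder or is reported with no file info. The sample lines are constructed from the log format above; the rule names and the 30-day threshold are my own.

```python
"""Triage helper for ComboFix-style log lines (added example, not a ComboFix tool)."""
import re
from datetime import date

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""
2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
2008-11-09 11:23 . 2008-04-14 01:12 33,280 --a------ c:\windows\system32\myrundll.exe
2008-10-28 00:43 . 2008-10-28 21:37 <DIR> d-------- c:\program files\qfewbaf
2008-10-28 00:43 . 2008-10-28 17:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\zmtcpyhu
2008-10-28 00:43 . 2008-10-28 00:43 77,824 --a------ c:\windows\system32\vapazefi.exe
2008-10-24 13:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
S3 HWV;HWV;c:\docume~1\HUGUES~1.H-V\LOCALS~1\Temp\HWV.exe [ ]
"""

# "Files Created" line: <created> . <modified> <size|<DIR>> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(<DIR>|[\d,]+) (\S{9}) (.+)$"
)
# Service/driver line: <start type> <name>;<display name>;<path> [<date size>]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*?)\]$")

SYSTEM32 = "\\windows\\system32\\"
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
COPY_GAP_DAYS = 30  # assumed threshold: created this much later than modified = copied in


def triage_file_entry(created, modified, size, path):
    """Return (rule, reason) pairs for one 'Files Created' entry."""
    low, hits = path.lower(), []
    is_dir = size == "<DIR>"
    in_sys32 = SYSTEM32 in low and "\\dllcache\\" not in low
    if in_sys32 and not is_dir and low.endswith(BINARY_EXT):
        hits.append(("new-system32-binary",
                     "binary created in system32 outside dllcache; verify publisher and hash"))
        gap = (date.fromisoformat(created) - date.fromisoformat(modified)).days
        if gap > COPY_GAP_DAYS:
            hits.append(("dropped-older-copy",
                         f"created {gap} days after its modified time: copied in, not installed"))
    if is_dir and re.search(r"^c:\\program files\\[^\\]+$|\\application data\\[^\\]+$", low):
        hits.append(("new-top-level-dir",
                     "new top-level program/data directory; match it to a known install"))
    return hits


def triage_service_entry(path, info):
    """Return (rule, reason) pairs for one service/driver entry."""
    low, hits = path.lower(), []
    if "\\temp\\" in low or "\\application data\\" in low:
        hits.append(("service-in-temp", "service binary lives in a temp or profile directory"))
    if not info.strip():  # ComboFix prints "[ ]" when it found no file behind the entry
        hits.append(("service-file-missing", "no file info: binary absent or hidden; orphaned service"))
    return hits


def triage(log_text):
    """Scan log text and return a list of (path, rule, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            created, modified, size, _attrs, path = m.groups()
            findings += [(path, r, w) for r, w in triage_file_entry(created, modified, size, path)]
        elif m := SERVICE_RE.match(line):
            _start, _name, _desc, path, info = m.groups()
            findings += [(path, r, w) for r, w in triage_service_entry(path, info)]
    return findings


def flagged_paths(log_text):
    """Distinct paths that triggered at least one rule, sorted."""
    return sorted({path for path, _rule, _why in triage(log_text)})


if __name__ == "__main__":
    for path, rule, why in triage(SAMPLE_LOG):
        print(f"[{rule}] {path}\n    {why}")
```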
     
  13. 2008/11/12
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Are you interested in the other logs? They are older..
    I'm able to do a scan on my own account, but only in safe mode.
    I'll send it as soon as possible...
    I tried yesterday to start in normal mode, but still without luck...
     
  14. 2008/11/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's enough. Thanks! I'll look them over this evening and get back to ya.
     
  15. 2008/11/12
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Thanks a lot! :)
     
  16. 2008/11/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please see if you can complete the following.

    This procedure is documented on the Microsoft.com website for resetting registry and system file permissions, as well as default security descriptors. While it might not fix the problem, it should do no harm either.

    Download and install SubInACL from Microsoft.

    Close out all other programs and open windows.

    Highlight and copy the contents of the code box below.
    Code:
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CURRENT_USER /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CLASSES_ROOT /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
    exit
    cls

    Click Start>Run and type cmd then hit enter to open a command window.
    Right click in the command window and select paste.
    It will take a while for the commands to process, so please be patient.
    The command window should close on its own when finished.
    Reboot for the changes to take effect.


    If you are unable to install SubInACL, log off your user account and press the Ctrl+Alt+Del keys twice in a row at the Welcome screen. This will enable the Classic Logon prompt.
    Type Administrator for the username then enter the password to logon to the Admin account.
    Once on the Admin account, install SubInACL, then log off and back onto your account and complete the rest of the instructions.
    Let me know if there is any change after rebooting.
     
  17. 2008/11/14
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    One question: Should I do it in safe mode?
     
  18. 2008/11/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    No, or I'd have specified safe mode.
     
  19. 2008/11/14
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    I have done as you wrote, logged in as admin, but I still get the same error...
    And if I try in safe mode, I get this message...

    "The system administrator has set policies to prevent this installation"

    Sounds more and more like a new installation to me... :-(
     
  20. 2008/11/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Are you saying that you cannot install SubInACL even when logged on to the Administrator account?
     
  21. 2008/11/15
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Yes, and I have tried to take ownership of the program, and I have found that every permission (full control, read, write and so on) is checked but greyed out. I have verified this for every user on my system (Administrator, Administrators, Guests and my own account) and it shows the same thing: the permissions are checked AND greyed out.

    I am thinking about trying to install an older registry database, but I don't know how to do it!
     
