
Solved cant access any files and programs.

Discussion in 'Malware and Virus Removal Archive' started by Maroan, 2008/11/09.

  1. 2008/11/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    For the time being, please, do not attempt to do anything about the seemingly missing profile. We have some backups we can use to fix that.
     
  2. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    75
    Likes Received:
    0
    Ok, it's done successfully!
     
  4. 2008/11/16
    noahdfear

    noahdfear Inactive

    Status?
     
  5. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Status? lol: Weird! When I reboot in normal mode, my user is back! But with the same (more and more) annoying error. Back in safe mode as administrator: my user is not on the logon screen...
     
  6. 2008/11/16
    noahdfear

    noahdfear Inactive

    First, let's restore some backups that should put the user account back properly.

    Open C:\WINDOWS\ERDNT\subs and double click erdnt.exe
    Restart the computer.

    Now, repeat the procedure here and give me an update after reboot.
     
  7. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Ok, done it and my user is back! Now: do I have to run both ComboFix again?
     
    Last edited: 2008/11/16
  8. 2008/11/16
    noahdfear

    noahdfear Inactive

    Either would be fine, but I'd opt for the second.
     
  9. 2008/11/16
    noahdfear

    noahdfear Inactive

    Please post with a new reply rather than editing your posts. If not for seeing you online there's no way for me to know you've replied. Thanks ;)

    So, ERUNT ran successfully, and the registry file merged?
    Do things appear to be as they should now, with permissions?
     
  10. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Yes, the program ran fine and everything is "back to normal"! I mean the permissions are still shaded.

    And here is the log:

    ComboFix 08-11-10.01 - Administrator 2008-11-16 18:55:38.11 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.802 [GMT 1:00]
    Running from: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\rrt_is.wav
    c:\windows\system32\rrt_tn.wav
    c:\windows\system32\rrt_tv.wav
    c:\windows\system32\rrt_vf.wav
    c:\windows\Tasks\ParetoLogic Registration.job
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
    .

    2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-15 23:30 . 2008-11-15 23:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-11-15 13:53 . 2008-11-15 13:53 <DIR> d-------- c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\Application Data\WinPatrol
    2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\documents and settings\Hugues1
    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-09 20:37 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-17 03:03 . 2008-10-24 21:58 1,393 --a------ c:\windows\imsins.BAK
    2008-10-16 09:42 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-16 09:42 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 09:42 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 09:42 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-16 16:46 --------- d-----w c:\program files\SPAMfighter
    2008-11-13 21:09 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Apple Computer
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2003-04-17 08:16 447,616 ----a-w c:\windows\inf\EL2K_N64.sys
    2003-04-17 08:15 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
    2003-04-17 08:15 147,200 ----a-w c:\windows\inf\EL2K_2K.sys
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-11_15.21.40.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-17 09:13:18 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-16 17:15:31 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "RRT-Auto "= "c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\My Documents\RRT\RRT.exe" [2008-09-07 140288]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv "= "grpconv -o" [X]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "PACSPTISVR "=3 (0x3)
    "MSCSPTISRV "=3 (0x3)
    "IDriverT "=3 (0x3)
    "IcVzMonLauncher "=3 (0x3)
    "Bonjour Service "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\messenger\\msmsgs.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=

    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 19:02:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-16 19:07:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-16 18:07:55
    ComboFix2.txt 2008-11-16 02:05:35
    ComboFix3.txt 2008-11-16 01:46:27
    ComboFix4.txt 2008-11-11 19:45:29
    ComboFix5.txt 2008-11-16 17:55:10

    Pre-Run: 15,161,253,888 bytes free
    Post-Run: 15,146,041,344 bytes free

    182
     
  11. 2008/11/16
    noahdfear

    noahdfear Inactive

    When you say permissions are shaded, do you mean that there still seems to be restrictions in place on the account? Please logon to your account in normal mode and see if ComboFix will run normally by just double clicking. I would also like for you to repeat this while on your account in normal mode.
     
  12. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Well, this time I think it's over... The machine reboots all the time (I'm writing from my spare computer) and even if I try to boot in safe mode it just stalls and reboots again and again... :-(
     
  13. 2008/11/16
    noahdfear

    noahdfear Inactive

    Please start the computer and begin tapping the F8 key to enable the Advanced Start menu.
    Select Disable Automatic Restart
    This time it should blue screen instead of restarting and give an error message.
    I want that whole message (just the stop error details).


    You can also try selecting Last Known Good Configuration from the advanced start menu.


    Do you have an XP operating system cd? Not a factory restore cd, but a full operating system disk.
     
  14. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    I have already tried Last Known Good Configuration, and I had the same problem. Here is the stop code:

    STOP: 0x00000024 (0x00190203, 0x8763C828, 0xC0000102,00000000)

    I have a full XP version, but it's rather old. It is without SP1...
     
  15. 2008/11/16
    noahdfear

    noahdfear Inactive

    We can give it a shot with the cd anyway. Boot to the cd and at the setup screen press R to start the Recovery Console.
    When prompted, press the number key represented by the C:\Windows installation (usually 1)
    Enter the Administrator password - just hit Enter if no password is assigned.
    At the C:\Windows> prompt, type chkdsk /r and hit enter.
    When complete, type Exit to restart and allow a normal startup.

    Post back with an update.
     
  16. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Well... the system is back and runs... With the same errors, but it's back!
     
  17. 2008/11/16
    noahdfear

    noahdfear Inactive

    Please get the export for me as shown here.
     
  18. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Well, I think I'll soon give you something better... a ComboFix in normal mode from my main account!

    I can run programs from the Task Manager! But I don't know if I will be able to run scripts the same way?
     
  19. 2008/11/16
    noahdfear

    noahdfear Inactive

    That would be a great start!
    You can run scripts as well. Make sure the script is in the same location as ComboFix, then use the Task Manager browse window to locate the script, and drag it onto ComboFix.exe right there in the browse window.
    You can also run it from the task manager run line using a command as shown below, substituting User with your username.

    "C:\Documents and Settings\User\Desktop\ComboFix.exe" "C:\Documents and Settings\User\Desktop\CFScript.txt "

    I still need to see the export though. ;)
     
  20. 2008/11/16
    Maroan

    Maroan Inactive Thread Starter

    Well, I'm writing from my own account, but every single program has to be opened through the Task Manager... Does it give you a hint?
    Here's the log:

    ComboFix 08-11-10.01 - Hugues 2008-11-17 0:27:27.12 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.666 [GMT 1:00]
    Running from: C:\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
    .

    2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-15 23:30 . 2008-11-15 23:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-11-15 13:53 . 2008-11-15 13:53 <DIR> d-------- c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\Application Data\WinPatrol
    2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\documents and settings\Hugues1
    2008-11-11 15:07 . 2008-11-11 15:06 3,044,628 -ra------ C:\ComboFix.exe
    2008-11-09 20:37 . 2008-11-09 20:37 <DIR> d-------- C:\rsit
    2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\program files\Ace Utilities
    2008-11-09 17:48 . 2008-11-09 17:48 <DIR> d-------- c:\documents and settings\Guest
    2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
    2008-10-28 17:46 . 2008-10-28 17:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-10-24 13:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-17 03:03 . 2008-10-24 21:58 1,393 --a------ c:\windows\imsins.BAK
    2008-10-16 09:42 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-16 09:42 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 09:42 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 09:42 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 09:42 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-16 23:16 --------- d-----w c:\program files\SPAMfighter
    2008-11-13 21:09 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Apple Computer
    2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2008-10-30 23:16 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2008-10-30 23:16 143,096 ----a-w c:\windows\system32\guard32.dll
    2008-10-28 19:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-12 01:46 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\BitTorrent
    2008-10-03 14:48 --------- d-----w c:\program files\VDMSound
    2008-09-28 22:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
    2008-09-28 22:21 249,592 ----a-w c:\windows\system32\cssdll32.dll
    2008-09-28 22:21 --------- d-----w c:\program files\COMODO
    2008-09-28 22:21 --------- d-----w c:\program files\AskSBar
    2008-09-28 22:20 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Comodo
    2008-09-26 13:35 --------- d-----w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\SPAMfighter
    2008-09-23 15:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2008-09-21 10:33 --------- d-----w c:\program files\Throttle
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-08-27 06:49 81,920 ----a-w c:\windows\system32\lgxypuzu.exe
    2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
    2007-03-30 22:44 356,352 ----a-w c:\documents and settings\Hugues.HOME\cwshredder.dll
    2006-10-08 13:36 81,920 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\ezpinst.exe
    2006-10-08 13:36 47,360 -c--a-w c:\documents and settings\Hugues.HOME\Application Data\pcouffin.sys
    2006-01-31 15:28 85,428 -c--a-w c:\program files\Uninstal.exe
    2006-01-21 14:45 302 -c--a-w c:\program files\Utils.ini
    2006-01-21 13:28 1,655 -c--a-w c:\program files\Config.ini
    2006-01-15 20:28 2,238 -c--a-w c:\program files\chawkizzico.ico
    2005-09-09 18:55 7,155,864 -c--a-w c:\program files\NGhost10.msi
    2005-09-09 18:55 37,766,164 -c--a-w c:\program files\Data1.cab
    2005-09-09 18:55 35 -c--a-w c:\program files\SCSSDist.ini
    2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
    2004-04-07 15:59 19 -c--a-w c:\program files\Answer.txt
    2003-07-12 02:58 777 -c--a-w c:\program files\trial_setup.ini
    2003-07-12 02:58 40,448 -c--a-w c:\program files\trial_setup.exe
    2003-07-12 02:58 4,226,048 -c--a-w c:\program files\trial_setup.msi
    2003-06-15 20:55 560 -c--a-w c:\program files\Global.sw
    2003-04-17 08:16 447,616 ----a-w c:\windows\inf\EL2K_N64.sys
    2003-04-17 08:15 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
    2003-04-17 08:15 147,200 ----a-w c:\windows\inf\EL2K_2K.sys
    2001-06-03 07:35 395 -c--a-w c:\program files\Read_me_first.txt
    2001-05-31 23:02 40,582 -c--a-w c:\program files\060101.seu
    2001-05-31 23:01 8,198 -c--a-w c:\program files\Serials2000.nfo
    2001-05-31 23:01 528 -c--a-w c:\program files\file_id.diz
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-11_15.21.40.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-17 09:13:18 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-16 17:15:31 251,088 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-16 23:16:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "NVIDIA nTune "= "c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
    "COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-28 278264]
    "COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "COMODO Internet Security "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
    "RRT-Auto "= "c:\documents and settings\Administrator.H-V6CG5K9NS9FZA\My Documents\RRT\RRT.exe" [2008-09-07 140288]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 01:12 1695232 c:\program files\messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-02 21:46 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 09:33 1506544 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "PACSPTISVR "=3 (0x3)
    "MSCSPTISRV "=3 (0x3)
    "IDriverT "=3 (0x3)
    "IcVzMonLauncher "=3 (0x3)
    "Bonjour Service "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\messenger\\msmsgs.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-03 76040]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-09-22 184968]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-04-29 4224]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-14 513152]
    S4 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\Mozilla\Firefox\Profiles\2cf964vi.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-17 00:32:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-17 0:34:44
    ComboFix-quarantined-files.txt 2008-11-16 23:34:39
    ComboFix2.txt 2008-11-16 18:07:59
    ComboFix3.txt 2008-11-16 02:05:35
    ComboFix4.txt 2008-11-16 01:46:27
    ComboFix5.txt 2008-11-16 23:26:44

    Pre-Run: 15.152.832.512 bytes free
    Post-Run: 15,131,525,120 bytes free

    191

    Hard work! lol
     
  21. 2008/11/16
    noahdfear

    noahdfear Inactive

    What happens when trying to run programs without using Task Manager?


    Please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\system32\lgxypuzu.exe
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     
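As an added example (not code from this thread, from ComboFix or from its authors), a small Python triage helper that parses the two log line shapes shown in the logs above ("Files Created" and "Find3M Report"), flags the kind of entry the helper singled out (an executable with a random-looking name dropped directly into system32, as lgxypuzu.exe was in the Find3M report), and renders the File:: block shape used in the CFScript above. The sample lines are constructed from the log formats on this page, and the name heuristic is an assumption of this example, meant to produce candidates for a human to review rather than a verdict.

```python
"""Triage helper for ComboFix-style log lines (added example, not a ComboFix tool)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample lines, copied in shape from the logs posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-15 23:30 . 2008-11-15 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 12:28 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
2008-10-16 09:42 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 23:16 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-09-23 15:46 245,408 ----a-w c:\windows\system32\unicows.dll
2008-08-27 06:49 81,920 ----a-w c:\windows\system32\lgxypuzu.exe
2008-06-28 21:47 22,328 ----a-w c:\documents and settings\Hugues.H-V6CG5K9NS9FZA\Application Data\PnkBstrK.sys
"""

# "Files Created": created . modified size attrs path   ("<DIR>" in place of a size)
FILES_CREATED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (<DIR>|[\d,]+) (\S+) (.+)$")
# "Find3M": modified size attrs path   (a run of dashes in place of a size for directories)
FIND3M = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (-+|[\d,]+) (\S+) (.+)$")


@dataclass
class Entry:
    modified: datetime      # modification time as printed by ComboFix
    size: Optional[int]     # None for directories
    attrs: str              # attribute column, e.g. ----a-w
    path: str               # path exactly as printed


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for headers, dots and blanks."""
    line = line.strip()
    m = FILES_CREATED.match(line)
    if m:
        when, size, attrs, path = m.group(2), m.group(3), m.group(4), m.group(5)
    else:
        m = FIND3M.match(line)
        if not m:
            return None
        when, size, attrs, path = m.groups()
    size_val = None if size == "<DIR>" or size.startswith("-") else int(size.replace(",", ""))
    return Entry(datetime.strptime(when, "%Y-%m-%d %H:%M"), size_val, attrs, path)


RANDOM_STEM = re.compile(r"^[a-z]{6,12}$")
VOWELS = set("aeiou")


def longest_consonant_run(stem: str) -> int:
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(stem: str) -> bool:
    """Heuristic (assumption of this example): all-lowercase letters with a long consonant
    cluster and no digits reads like a generated name ('lgxypuzu' has the run 'lgxyp')."""
    return bool(RANDOM_STEM.match(stem)) and longest_consonant_run(stem) >= 4


SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXT = (".exe", ".dll", ".sys")


def suspicious(entry: Entry) -> bool:
    """True for an executable sitting directly in system32 (not drivers\\ or dllcache\\)
    whose base name looks generated."""
    low = entry.path.lower()
    if entry.size is None or not low.endswith(EXEC_EXT) or not low.startswith(SYSTEM32):
        return False
    name = low[len(SYSTEM32):]
    if "\\" in name:          # lives in a subdirectory of system32
        return False
    return looks_random(name.rsplit(".", 1)[0])


def triage(log_text: str) -> List[Entry]:
    """Parse every recognisable line and return the entries worth a closer look."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if suspicious(e)]


def build_cfscript(entries: List[Entry]) -> str:
    """Render the 'File::' block shape the helper used in this thread."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"review: {e.path} ({e.size} bytes, modified {e.modified:%Y-%m-%d %H:%M})")
    print(build_cfscript(flagged))
```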