
Solved Unable to run Task Manager

Discussion in 'Malware and Virus Removal Archive' started by Zephyrinus, 2009/10/04.

  1. 2009/10/04
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    [Resolved] Unable to run Task Manager

    Hello, after plugging in a Mac-formatted hard disk from a friend to get some videos (I downloaded MacDrive), I was infected with a trojan. My scanner told me that my winxp file was infected, so I deleted it (I now realise I shouldn't have done that..).

    After that I couldn't open my C drive (my primary drive) by double clicking, but I managed to find a solution for that online by fixing the registry. But before that I couldn't even access regedit and had to find a solution to that.

    Now my Task Manager is not working, and I really need some help here; I stumbled upon this forum. Could you guys please help me out?

    I can't find the button to attach a file to this post so here is the link to my attach.zip:

    http://www.mediafire.com/?sharekey=53d8e578186d587c8ef1259ff1b60e81746185e149767742292b492bd5edc68e

    And here is my DDS log:

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Bryant at 0:28:39.15 on Mon 10/05/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1166 [GMT 8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\cvlu.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
    C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\V0330Mon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FahCore_7c.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Sage Software\Peachtree\SmartPostingService2009.exe
    C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SeekService\seekservice.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Documents and Settings\Bryant\Desktop\CNET_TechTracker_1_0_44_Setup.exe
    C:\Documents and Settings\Bryant\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 203.160.1.66:80
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    EB: {9D19C405-BA93-461B-871F-97992CC45972} - No File
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe "
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    mRun: [OODefragTray] c:\windows\system32\oodtray.exe
    mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [App] c:\windows\system32\cvlu.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe "
    mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
    mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [V0330Mon.exe] c:\windows\V0330Mon.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [CTFMON] c:\windows\system32\wscript.exe /e:vbs c:\windows\system32\winjpg.jpg
    mRun: [regdiit] c:\windows\system32\winxp.exe
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    mPolicies-system: DisableCAD = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223717228042
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\bryant\applic~1\mozilla\firefox\profiles\9tyetw8m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
    R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
    R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-1-22 134272]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2008-10-14 10872]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-14 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-14 27784]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-14 297752]
    R2 FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe;FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe;c:\program files\electronic arts\red alert 3\fah.exe -svcstart --> c:\program files\electronic arts\red alert 3\FAH.exe -svcstart [?]
    R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
    R2 Peachtree SmartPosting 2009;Peachtree SmartPosting 2009;c:\program files\sage software\peachtree\SmartPostingService2009.exe [2008-5-3 49152]
    R2 SeekService Service;SeekService Service;c:\documents and settings\all users\application data\seekservice\seekservice129.exe [2009-9-23 54784]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-10-11 33792]
    R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2009-2-5 227072]
    S2 Ast Service;Ast Service;c:\windows\system32\\astsrv.exe --> c:\windows\system32\\AstSrv.exe [?]
    S3 GarenaPEngine;GarenaPEngine;c:\docume~1\bryant\locals~1\temp\KYW144.tmp [2009-9-24 21264]
    S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2008-10-11 13225]
    S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2009-9-23 157696]

    =============== Created Last 30 ================

    2009-10-05 00:02 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-10-04 23:59 <DIR> --d----- c:\documents and settings\bryant\.housecall6.6
    2009-10-04 23:27 14,386 a------- c:\windows\system32\winxp.exe
    2009-10-04 20:34 170,116 a--shr-- C:\winfile.jpg
    2009-10-04 20:34 170,116 a--shr-- c:\windows\system32\winjpg.jpg
    2009-10-04 20:34 110 a--shr-- C:\autorun.inf
    2009-09-28 02:17 <DIR> --d----- c:\program files\iPod
    2009-09-28 02:17 <DIR> --d----- c:\program files\iTunes
    2009-09-28 00:04 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-09-27 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-23 01:05 <DIR> --d----- c:\program files\Creative
    2009-09-23 00:55 7,168 a------- c:\windows\system32\V0080Aor.dll
    2009-09-23 00:55 <DIR> --d----- C:\WebCam
    2009-09-21 20:08 765,952 a----r-- c:\windows\system\crlds3d.dll
    2009-09-21 20:08 392,960 a----r-- c:\windows\system32\drivers\senfilt.sys
    2009-09-21 20:08 229,376 a----r-- c:\windows\system32\drivers\ADIHdAud.sys
    2009-09-21 20:08 93,824 a----r-- c:\windows\system32\drivers\aeaudio.sys
    2009-09-21 20:07 53,248 -------- c:\windows\system32\wdmioctl.dll
    2009-09-21 20:07 1,285,632 -------- c:\windows\system32\SMMedia.dll
    2009-09-21 20:07 49,152 a------- c:\windows\system32\DSndUp.exe
    2009-09-21 20:07 <DIR> --d----- c:\program files\Analog Devices
    2009-09-21 20:07 45,056 -------- c:\windows\system32\CleanUp.exe
    2009-09-21 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2009-09-21 19:48 <DIR> --d----- c:\program files\Realtek
    2009-09-21 19:48 831,488 a------- c:\windows\RtlExUpd.dll
    2009-09-21 19:43 <DIR> --d----- c:\windows\system32\NtmsData
    2009-09-13 23:27 <DIR> --d----- c:\program files\Pervasive Software
    2009-09-13 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pervasive Software
    2009-09-13 23:26 9,926 a------- c:\windows\PriorPervasive.reg
    2009-09-13 23:26 740 a------- c:\windows\PSODBCEI.reg
    2009-09-13 23:26 740 a------- c:\windows\PSODBCCI.reg
    2009-09-13 23:26 470 a------- c:\windows\PSOA.reg
    2009-09-13 23:09 <DIR> --d----- c:\docume~1\bryant\applic~1\Peachtree
    2009-09-13 23:08 7,358 a------- c:\windows\support.ICO
    2009-09-13 23:08 7,358 a------- c:\windows\forms.ICO
    2009-09-13 23:08 5,222 a------- c:\windows\ADOBE.ICO
    2009-09-13 23:08 766 a------- c:\windows\ACTGPR2.ICO
    2009-09-13 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Aatrix Software
    2009-09-13 23:08 24,576 a------- c:\windows\system32\Sbtrvd32.dll
    2009-09-13 23:08 66,560 a------- c:\windows\system32\s2dtconv.dll
    2009-09-13 23:07 2,134,016 a------- c:\windows\system32\cdintf251.dll
    2009-09-13 23:07 <DIR> --d----- c:\windows\Crystal
    2009-09-13 23:06 <DIR> --d----- c:\program files\common files\Peach
    2009-09-13 23:05 <DIR> --d----- c:\program files\Business Objects
    2009-09-13 23:04 13,608 a------- c:\windows\system32\srvany.exe
    2009-09-13 23:03 <DIR> --d----- c:\program files\common files\Pervasive Software Shared
    2009-09-13 23:03 <DIR> --d----- c:\program files\Sage Software
    2009-09-13 23:02 47,851 a------- c:\windows\PeachWLog.XML
    2009-09-13 23:02 <DIR> --d----- c:\windows\PeachInst
    2009-09-06 20:26 2,293 a------- c:\windows\WinRos.ini
    2009-09-06 20:26 4,025 a------- c:\windows\WinSig.ini
    2009-09-06 20:26 <DIR> --d----- c:\docume~1\bryant\applic~1\eSignal
    2009-09-06 14:23 <DIR> --d----- c:\docume~1\bryant\applic~1\counters
    2009-09-06 14:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\performance
    2009-09-06 14:22 <DIR> --d----- c:\program files\eSignal
    2009-09-06 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eSignal
    2009-09-06 11:57 0 a------- c:\windows\regset.INI
    2009-09-06 11:56 <DIR> --d----- c:\program files\Equis
    2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2009-09-20 21:13 2,346 a------- c:\windows\War3Unin.dat
    2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
    2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-08-17 20:30 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-17 20:30 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-04-04 03:22 70,848 a------- c:\docume~1\bryant\applic~1\GDIPFONTCACHEV1.DAT

    ============= FINISH: 0:28:56.60 ===============
     
  2. 2009/10/04
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     


  4. 2009/10/05
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    After starting this thread, I realized that I've been infected with a trojan dropper, and it will keep recreating the winxp.exe file each time I delete it, even if I delete it from regedit.

    The issue with me being unable to open C Drive via double clicking still exists. Each time I fix it, after I restart my computer it will have the same problem again.

    Here's my combofix log:

    ComboFix 09-10-04.01 - Bryant 10/05/2009 19:10.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1349 [GMT 8:00]
    Running from: c:\documents and settings\Bryant\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    .
    ADS - WINDOWS: deleted 0 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2380989196-702900065-3104595119-1000
    C:\Autorun.inf
    c:\windows\Installer\1aebf.msi
    c:\windows\Installer\6d9816.msi
    c:\windows\system32\winxp.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
    .

    2009-10-04 17:48 . 2008-12-11 00:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-04 17:48 . 2009-08-24 06:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-10-04 17:48 . 2009-08-19 03:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-04 17:48 . 2009-10-04 17:48 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-10-04 17:48 . 2008-12-10 03:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-10-04 17:47 . 2009-10-04 17:48 -------- d-----w- c:\program files\Spyware Doctor
    2009-10-04 17:47 . 2009-10-04 17:47 -------- d-----w- c:\documents and settings\Bryant\Application Data\PC Tools
    2009-10-04 17:47 . 2009-10-04 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-10-04 17:26 . 2009-10-04 17:26 38 ----a-w- c:\windows\SOLOSCAN.BAT
    2009-10-04 17:25 . 2009-10-05 10:55 -------- d-----w- C:\SRN Micro
    2009-10-04 17:04 . 2009-10-04 17:04 -------- d-----w- c:\windows\system32\i386
    2009-10-04 16:30 . 2009-10-04 16:55 -------- d-----w- c:\documents and settings\Bryant\Application Data\CBS Interactive
    2009-10-04 16:02 . 2009-10-04 15:59 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-10-04 15:59 . 2009-10-04 16:02 -------- d-----w- c:\documents and settings\Bryant\.housecall6.6
    2009-09-27 18:17 . 2009-09-27 18:17 -------- d-----w- c:\program files\iPod
    2009-09-27 18:17 . 2009-09-27 18:17 -------- d-----w- c:\program files\iTunes
    2009-09-27 16:04 . 2008-04-17 05:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-27 14:38 . 2009-09-27 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-27 14:33 . 2009-09-27 14:33 -------- d-----w- c:\program files\Safari
    2009-09-22 17:14 . 2009-09-22 17:14 -------- d-----w- c:\documents and settings\Bryant\Application Data\Creative
    2009-09-22 17:05 . 2009-09-22 17:05 -------- d-----w- c:\program files\Creative
    2009-09-22 17:00 . 2007-08-08 05:48 157696 ----a-w- c:\windows\system32\drivers\V0330Vid.sys
    2009-09-22 17:00 . 2007-04-29 17:10 266240 ----a-w- c:\windows\system32\V0330Cvw.dll
    2009-09-22 17:00 . 2007-04-29 17:03 32768 ----a-w- c:\windows\V0330Mon.exe
    2009-09-22 17:00 . 2007-04-25 17:10 32768 ----a-w- c:\windows\system32\V0330Hwx.dll
    2009-09-22 17:00 . 2007-04-24 17:10 20480 ----a-w- c:\windows\system32\V0330Srv.exe
    2009-09-22 17:00 . 2007-04-23 17:10 36864 ----a-w- c:\windows\system32\V0330Pin.dll
    2009-09-22 17:00 . 2007-04-23 17:10 20480 ----a-w- c:\windows\V0330Cfg.exe
    2009-09-22 17:00 . 2006-12-13 02:35 4516 ----a-w- c:\windows\system32\drivers\V0330STB.SYS
    2009-09-22 17:00 . 2005-07-06 17:07 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
    2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- C:\Live! Cam
    2009-09-22 16:55 . 2009-09-22 16:55 -------- d-----w- C:\WebCam
    2009-09-22 16:55 . 2005-03-07 17:00 7168 ----a-w- c:\windows\system32\V0080Aor.dll
    2009-09-21 12:08 . 2001-09-19 05:47 765952 ----a-r- c:\windows\system\crlds3d.dll
    2009-09-21 12:08 . 2006-05-02 09:12 229376 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
    2009-09-21 12:08 . 2006-04-26 22:42 93824 ----a-r- c:\windows\system32\drivers\aeaudio.sys
    2009-09-21 12:08 . 2006-03-17 10:18 392960 ----a-r- c:\windows\system32\drivers\senfilt.sys
    2009-09-21 12:07 . 2005-05-04 01:20 53248 ------w- c:\windows\system32\wdmioctl.dll
    2009-09-21 12:07 . 2001-09-11 07:20 1285632 ------w- c:\windows\system32\SMMedia.dll
    2009-09-21 12:07 . 2009-09-21 12:07 -------- d-----w- c:\program files\Analog Devices
    2009-09-21 12:07 . 2005-09-26 08:20 49152 ----a-w- c:\windows\system32\DSndUp.exe
    2009-09-21 12:07 . 2002-04-17 07:05 45056 ------w- c:\windows\system32\CleanUp.exe
    2009-09-21 11:58 . 2009-09-21 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-09-21 11:48 . 2009-09-21 11:48 -------- d-----w- c:\program files\Realtek
    2009-09-21 11:48 . 2009-06-24 02:43 831488 ----a-w- c:\windows\RtlExUpd.dll
    2009-09-21 11:43 . 2009-10-04 16:08 -------- d-----w- c:\windows\system32\NtmsData
    2009-09-13 15:27 . 2009-09-13 15:27 -------- d-----w- c:\program files\Pervasive Software
    2009-09-13 15:27 . 2009-09-13 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Pervasive Software
    2009-09-13 15:26 . 2009-09-13 15:26 9926 ----a-w- c:\windows\PriorPervasive.reg
    2009-09-13 15:26 . 2009-09-13 15:26 740 ----a-w- c:\windows\PSODBCEI.reg
    2009-09-13 15:26 . 2009-09-13 15:26 740 ----a-w- c:\windows\PSODBCCI.reg
    2009-09-13 15:26 . 2009-09-13 15:26 470 ----a-w- c:\windows\PSOA.reg
    2009-09-13 15:09 . 2009-09-13 15:28 -------- d-----w- c:\documents and settings\Bryant\Application Data\Peachtree
    2009-09-13 15:09 . 2009-09-13 15:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Peachtree
    2009-09-13 15:07 . 2008-05-03 07:36 2134016 ----a-w- c:\windows\system32\cdintf251.dll
    2009-09-13 15:07 . 2009-10-04 18:08 -------- d-----w- c:\windows\Crystal
    2009-09-13 15:06 . 2009-10-04 18:08 -------- d-----w- c:\program files\Common Files\Peach
    2009-09-13 15:05 . 2009-09-13 15:05 -------- d-----w- c:\program files\Business Objects
    2009-09-13 15:03 . 2009-09-16 16:26 -------- d-----w- c:\program files\Common Files\Pervasive Software Shared
    2009-09-13 15:03 . 2009-09-13 15:04 -------- d-----w- c:\program files\Sage Software
    2009-09-13 15:02 . 2009-09-13 15:02 -------- d-----w- c:\windows\PeachInst
    2009-09-06 12:26 . 2009-09-06 12:26 -------- d-----w- c:\documents and settings\Bryant\Application Data\eSignal
    2009-09-06 06:23 . 2009-09-06 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\performance
    2009-09-06 06:23 . 2009-09-06 06:23 -------- d-----w- c:\documents and settings\Bryant\Application Data\counters
    2009-09-06 06:23 . 2009-09-06 06:23 -------- d-----w- c:\documents and settings\Bryant\Local Settings\Application Data\esignal
    2009-09-06 06:22 . 2009-09-06 12:40 -------- d-----w- c:\program files\eSignal
    2009-09-06 06:22 . 2009-09-06 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\eSignal
    2009-09-06 03:56 . 2009-09-06 06:36 -------- d-----w- c:\program files\Equis

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-05 11:13 . 2008-10-11 11:03 -------- d-----w- c:\documents and settings\Bryant\Application Data\DNA
    2009-10-05 11:00 . 2008-10-11 09:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-05 10:53 . 2009-05-13 17:19 -------- d-----w- c:\program files\Steam
    2009-10-05 10:52 . 2008-10-11 11:03 -------- d-----w- c:\program files\DNA
    2009-10-04 17:44 . 2008-10-11 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-10-03 19:10 . 2008-10-11 11:08 -------- d-----w- c:\documents and settings\Bryant\Application Data\BitTorrent
    2009-10-03 07:41 . 2008-10-26 03:48 -------- d-----w- c:\documents and settings\Bryant\Application Data\Audacity
    2009-09-27 18:20 . 2008-10-18 10:30 -------- d-----w- c:\documents and settings\Bryant\Application Data\Apple Computer
    2009-09-27 18:17 . 2008-10-18 10:29 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-27 18:16 . 2009-06-05 04:43 -------- d-----w- c:\program files\QuickTime
    2009-09-24 15:06 . 2008-11-29 06:26 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-09-24 10:02 . 2008-10-13 15:56 -------- d-----w- c:\program files\Warcraft III
    2009-09-24 07:37 . 2009-08-09 16:06 -------- d-----w- c:\program files\Garena
    2009-09-23 16:15 . 2009-08-12 15:10 -------- d-----w- c:\program files\SeekService
    2009-09-23 01:35 . 2009-08-12 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
    2009-09-22 17:05 . 2008-10-11 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-20 13:13 . 2009-03-29 11:14 2346 ----a-w- c:\windows\War3Unin.dat
    2009-09-13 15:09 . 2008-10-11 08:44 70968 ----a-w- c:\documents and settings\Bryant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-04 21:43 . 2009-09-03 08:09 -------- d-----w- c:\program files\AmiBroker
    2009-08-28 11:42 . 2009-03-12 03:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 11:42 . 2008-10-18 10:30 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-24 16:30 . 2009-08-24 16:30 -------- d-----w- c:\program files\Common Files\Mediafour
    2009-08-24 16:30 . 2009-08-24 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Mediafour
    2009-08-24 16:30 . 2009-08-24 16:30 -------- d-----w- c:\program files\Mediafour
    2009-08-17 12:30 . 2008-10-14 15:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-17 12:30 . 2008-10-14 15:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-17 12:30 . 2008-10-14 15:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-13 22:58 . 2009-10-04 17:48 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-12 15:17 . 2009-08-12 15:17 -------- d-----w- c:\documents and settings\Bryant\Application Data\Cool Record Edit Pro
    2009-08-12 15:13 . 2009-08-12 15:13 -------- d-----w- c:\documents and settings\Bryant\Application Data\Free Sound Recorder
    2009-08-12 14:44 . 2008-10-26 03:51 -------- d-----w- c:\program files\Audacity
    2009-08-11 15:30 . 2009-05-22 06:30 -------- d-----w- c:\documents and settings\Bryant\Application Data\U3
    2009-08-09 18:27 . 2008-10-18 10:39 -------- d-----w- c:\documents and settings\Bryant\Application Data\dvdcss
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "App"="c:\windows\system32\cvlu.exe" [2007-09-19 550912]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-21 198160]
    "{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
    "MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2008-10-20 77824]
    "SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2008-12-29 303104]
    "SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2009-07-16 237568]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-03-11 44544]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
    "Gainward"=c:\windows\TBPanel.exe /A
    "razer"=c:\program files\Razer\razerhid.exe
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
    "AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "Microsoft Update Machine"=gzvorw.exe
    "AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesdisabled]
    "Microsoft Update Machine"=gzvorw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\lancraft\\mirc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\lancraft\\lancraft.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\cvlu.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "c:\\Program Files\\Steam\\steamapps\\weejiayin\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\SRN Micro\\SOLOCFG.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "94:TCP"= 94:TCP:VRS Recording System Web Control Panel
    "81:TCP"= 81:TCP:Axon Virtual PBX Web Server
    "4100:UDP"= 4100:UDP:uPNP Router Control Port
    "1583:TCP"= 1583:TCP:pervasive DBEngine
    "3351:TCP"= 3351:TCP:pervasive DBEngine

    R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/5/2007 3:01 PM 277888]
    R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 11:15 AM 19072]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2009 1:48 AM 206256]
    R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [1/22/2009 9:46 PM 134272]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/14/2008 11:00 PM 335240]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/14/2008 11:00 PM 297752]
    R2 FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe;FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe;c:\program files\Electronic Arts\Red Alert 3\FAH.exe -svcstart --> c:\program files\Electronic Arts\Red Alert 3\FAH.exe -svcstart [?]
    R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 2:55 PM 143360]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [10/11/2008 6:46 PM 33792]
    R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2/5/2009 9:08 PM 227072]
    S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe --> c:\windows\system32\\AstSrv.exe [?]
    S2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [9/23/2009 9:35 AM 54784]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp --> c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp [?]
    S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [10/11/2008 5:00 PM 13225]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/5/2009 1:47 AM 348824]
    S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [9/23/2009 1:00 AM 157696]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 203.160.1.66:80
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    FF - ProfilePath - c:\documents and settings\Bryant\Application Data\Mozilla\Firefox\Profiles\9tyetw8m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .
    - - - - ORPHANS REMOVED - - - -

    ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
    HKLM-Run-regdiit - c:\windows\system32\winxp.exe
    SafeBoot-AVG Anti-Spyware Driver



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-05 19:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    "ServiceDll"="c:\windows\system32\es.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe]

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="..."
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(844)
    c:\windows\system32\relog_ap.dll
    c:\windows\system32\nvappfilter.dll
    .
    Completion time: 2009-10-05 19:16
    ComboFix-quarantined-files.txt 2009-10-05 11:16

    Pre-Run: 36,753,784,832 bytes free
    Post-Run: 37,357,772,800 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /noexecute /fastdetect /usepmtimer

    311 --- E O F --- 2009-03-15 23:26



    And here's my hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:30:34 PM, on 10/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\V0330Mon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\SRNMIC~1\SOLOCFG.EXE
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SeekService\seekservice.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FahCore_7c.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.160.1.66:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [App] C:\WINDOWS\system32\cvlu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
    O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
    O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
    O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1223717228042
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ast Service - Unknown owner - C:\WINDOWS\system32\\AstSrv.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe - Stanford University - C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

    --
    End of file - 11948 bytes


    Thank you for helping me!
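An added triage script (the editor's, not part of Zephyrinus's post and not output of ComboFix or HijackThis) that reads lines in the two log formats above and flags the patterns an analyst reads first: an autostart or driver loaded from a Temp directory, a service with an unknown vendor or a missing binary, a system-wide proxy, a bare file name resolved through the search path, and the policy values behind a locked-out Task Manager or regedit. The sample input is constructed from lines in the logs above plus one hypothetical DisableTaskMgr line that does not appear in them; the flag rules are heuristics chosen for this example, and a hit means "look closer", not a verdict on any entry.

```python
"""Added triage helper for HijackThis / ComboFix log lines (editor's example,
not part of the thread). The rules are heuristics; a hit means "look closer".
Sample lines are copied from the logs posted above, except the DisableTaskMgr
line, which is constructed to show what the Task Manager lockout looks like."""
import re
from typing import List, Tuple

# Constructed sample (raw string so the Windows paths survive unchanged).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.160.1.66:80
O4 - HKLM\..\Run: [App] C:\WINDOWS\system32\cvlu.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O23 - Service: Ast Service - Unknown owner - C:\WINDOWS\system32\\AstSrv.exe (file missing)
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp --> c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp [?]
"Microsoft Update Machine"=gzvorw.exe
"DisableCAD"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
"AntiVirusOverride"=dword:00000001
"""

# Policy / Security Center values worth a second look. DisableTaskMgr and
# DisableRegistryTools are the values behind "disabled by your administrator";
# AntiVirusOverride is also set by some legitimate third-party AV products.
POLICY_FLAGS = {
    "disabletaskmgr": "Task Manager disabled by policy (DisableTaskMgr)",
    "disableregistrytools": "regedit disabled by policy (DisableRegistryTools)",
    "disablecad": "Ctrl+Alt+Del logon requirement disabled (DisableCAD)",
    "antivirusoverride": "Security Center antivirus alerts overridden (AntiVirusOverride)",
}
TEMP_RE = re.compile(r"\\temp\\|\\tmp\\|\.tmp$", re.IGNORECASE)
BINARY_EXT = (".exe", ".com", ".dll", ".bat", ".sys", ".tmp")


def _image_path(line: str) -> str:
    """Pull the command/image path out of the line types seen in the logs."""
    patterns = (
        r"^[RS][0-3] [^;]+;[^;]+;(.+?)(?: -->.*)?(?: \[.*\])?$",  # ComboFix driver/service
        r"^O4 - .*?: \[[^\]]*\] (.+)$",                           # HijackThis Run entry
        r"^O23 - Service: .+? - .+? - (.+)$",                     # HijackThis service
        r'^"[^"]+"\s*=\s*"?([^"\[]+?)"?(?: \[.*\])?$',            # ComboFix REGEDIT4 value
    )
    for pat in patterns:
        m = re.match(pat, line)
        if m:
            return m.group(1).strip()
    return ""


def _exe_token(cmd: str) -> str:
    """First token of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) why this log line deserves attention."""
    reasons: List[str] = []
    low = line.lower()
    m = re.match(r'^"([^"]+)"\s*=', line)
    if m and m.group(1).lower() in POLICY_FLAGS:
        reasons.append(POLICY_FLAGS[m.group(1).lower()])
    if "proxyserver" in low and "=" in line:
        reasons.append("system proxy configured: " + line.split("=", 1)[1].strip())
    if "unknown owner" in low:
        reasons.append("service binary has no recognised vendor")
    if "(file missing)" in low:
        reasons.append("service points at a file that no longer exists")
    exe = _exe_token(_image_path(line))
    if exe:
        if TEMP_RE.search(exe):
            reasons.append("executable/driver loaded from a Temp directory")
        elif "\\" not in exe and "/" not in exe and exe.lower().endswith(BINARY_EXT):
            reasons.append("bare file name, resolved through the search path")
    return reasons


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over every non-empty line; return only the flagged ones."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log.splitlines():
        line = raw.strip()
        reasons = triage_line(line) if line else []
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run it against a saved log instead of SAMPLE_LOG by reading the file into `triage()`; the entries it leaves alone (the NVIDIA service, the O&O Defrag tray, the `cvlu.exe` Run entry) are not thereby cleared, they simply match none of the cheap patterns, which is why an analyst still reads the whole log.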
     
  5. 2009/10/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp
    
    
    Folder::
    
    Driver::
    GarenaPEngine
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animated image: dragging CFScript.txt onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
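An added sanity check (the editor's, not broni's and not a ComboFix feature) for a CFScript before it is dropped on ComboFix.exe. The script is a plain-text list of `Section::` headers followed by entries, and since ComboFix acts on whatever it is given, a misspelt header or a relative path under File:: is easy to miss. The section names and the `[-HKEY_...]` REGEDIT4 key-deletion syntax are the ones used in the script above; the checks themselves are this example's own policy, and the second sample script is constructed to show the failures.

```python
"""Added CFScript sanity checker (editor's example, not part of the thread and
not ComboFix's own validation). Section names and the REGEDIT4 key syntax are
those used in the script posted above; the checks are the editor's policy."""
import re
from typing import Dict, List

# Sections used in the thread's script. Anything else is reported so that a
# typo such as "Files::" is caught before ComboFix sees it.
KNOWN_SECTIONS = ("File", "Folder", "Driver", "Registry", "RegLockDel")
ABS_PATH = re.compile(r"^[A-Za-z]:\\.+")
REG_KEY = re.compile(r"^\[-?HKEY_[A-Z_]+\\.+\]$")

# The script broni posted, verbatim.
THREAD_SCRIPT = r"""
File::
c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp

Folder::

Driver::
GarenaPEngine

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]

RegLockDel::
"""

# Constructed counter-example: misspelt section, relative path, unbracketed key.
BAD_SCRIPT = r"""
Files::
c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp

File::
KYW144.tmp

Driver::
GarenaPEngine

Registry::
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section: [entries]}; blank lines are ignored."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def validate_cfscript(text: str) -> List[str]:
    """Return a list of problems; an empty list means the script looks sane."""
    problems: List[str] = []
    sections = parse_cfscript(text)
    for name, entries in sections.items():
        if name not in KNOWN_SECTIONS:
            problems.append(f"unknown section {name}::")
            continue
        for entry in entries:
            if name in ("File", "Folder") and not ABS_PATH.match(entry):
                problems.append(f"{name}:: entry is not an absolute path: {entry}")
            elif name == "Driver" and "\\" in entry:
                problems.append(f"Driver:: expects a service name, not a path: {entry}")
            elif name == "Registry" and not (REG_KEY.match(entry) or entry.startswith('"')):
                problems.append(f"Registry:: line is not REGEDIT4 syntax: {entry}")
    # Consistency hint drawn from the script above: the driver removed under
    # Driver:: also has its Services key deleted under Registry::.
    reg_text = " ".join(sections.get("Registry", [])).lower()
    for drv in sections.get("Driver", []):
        if drv.lower() not in reg_text:
            problems.append(f"Driver:: {drv} has no matching Registry:: key deletion")
    return problems


if __name__ == "__main__":
    print("thread script:", validate_cfscript(THREAD_SCRIPT) or "ok")
    for problem in validate_cfscript(BAD_SCRIPT):
        print("bad script:", problem)
```

Save the script as CFScript.txt only after `validate_cfscript()` returns an empty list; the check is deliberately strict about section names because an unrecognised header is silently ignored or, worse, acts on the wrong thing, and there is no undo once ComboFix has run.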
     
  6. 2009/10/06
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    Joined:
    2009/10/04
    Messages:
    9
    Likes Received:
    0
    Somehow I've managed to solve the problem by disabling most of my start-up applications and processes. However I am unsure if my computer is clean. I followed your instructions and here is the log:

    ComboFix 09-10-05.01 - Bryant 10/06/2009 21:43.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1448 [GMT 8:00]
    Running from: c:\documents and settings\Bryant\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Bryant\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

    FILE ::
    "c:\docume~1\Bryant\LOCALS~1\Temp\KYW144.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_GARENAPENGINE


    ((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
    .

    2009-10-05 11:30 . 2009-10-05 11:30 -------- d-----w- c:\program files\Trend Micro
    2009-10-04 17:48 . 2008-12-11 00:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-04 17:48 . 2009-08-24 06:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-10-04 17:48 . 2009-08-19 03:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-04 17:48 . 2009-10-04 17:48 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-10-04 17:48 . 2008-12-10 03:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-10-04 17:47 . 2009-10-04 17:48 -------- d-----w- c:\program files\Spyware Doctor
    2009-10-04 17:47 . 2009-10-04 17:47 -------- d-----w- c:\documents and settings\Bryant\Application Data\PC Tools
    2009-10-04 17:47 . 2009-10-04 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-10-04 17:26 . 2009-10-04 17:26 38 ----a-w- c:\windows\SOLOSCAN.BAT
    2009-10-04 17:25 . 2009-10-05 10:55 -------- d-----w- C:\SRN Micro
    2009-10-04 17:04 . 2009-10-04 17:04 -------- d-----w- c:\windows\system32\i386
    2009-10-04 16:30 . 2009-10-04 16:55 -------- d-----w- c:\documents and settings\Bryant\Application Data\CBS Interactive
    2009-10-04 16:02 . 2009-10-04 15:59 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-10-04 15:59 . 2009-10-04 16:02 -------- d-----w- c:\documents and settings\Bryant\.housecall6.6
    2009-09-27 18:17 . 2009-09-27 18:17 -------- d-----w- c:\program files\iPod
    2009-09-27 18:17 . 2009-09-27 18:17 -------- d-----w- c:\program files\iTunes
    2009-09-27 16:04 . 2008-04-17 05:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-27 14:38 . 2009-09-27 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-27 14:33 . 2009-09-27 14:33 -------- d-----w- c:\program files\Safari
    2009-09-22 17:14 . 2009-09-22 17:14 -------- d-----w- c:\documents and settings\Bryant\Application Data\Creative
    2009-09-22 17:05 . 2009-09-22 17:05 -------- d-----w- c:\program files\Creative
    2009-09-22 17:00 . 2007-08-08 05:48 157696 ----a-w- c:\windows\system32\drivers\V0330Vid.sys
    2009-09-22 17:00 . 2007-04-29 17:10 266240 ----a-w- c:\windows\system32\V0330Cvw.dll
    2009-09-22 17:00 . 2007-04-29 17:03 32768 ----a-w- c:\windows\V0330Mon.exe
    2009-09-22 17:00 . 2007-04-25 17:10 32768 ----a-w- c:\windows\system32\V0330Hwx.dll
    2009-09-22 17:00 . 2007-04-24 17:10 20480 ----a-w- c:\windows\system32\V0330Srv.exe
    2009-09-22 17:00 . 2007-04-23 17:10 36864 ----a-w- c:\windows\system32\V0330Pin.dll
    2009-09-22 17:00 . 2007-04-23 17:10 20480 ----a-w- c:\windows\V0330Cfg.exe
    2009-09-22 17:00 . 2006-12-13 02:35 4516 ----a-w- c:\windows\system32\drivers\V0330STB.SYS
    2009-09-22 17:00 . 2005-07-06 17:07 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
    2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- C:\Live! Cam
    2009-09-22 16:55 . 2009-09-22 16:55 -------- d-----w- C:\WebCam
    2009-09-22 16:55 . 2005-03-07 17:00 7168 ----a-w- c:\windows\system32\V0080Aor.dll
    2009-09-21 12:08 . 2001-09-19 05:47 765952 ----a-r- c:\windows\system\crlds3d.dll
    2009-09-21 12:08 . 2006-05-02 09:12 229376 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
    2009-09-21 12:08 . 2006-04-26 22:42 93824 ----a-r- c:\windows\system32\drivers\aeaudio.sys
    2009-09-21 12:08 . 2006-03-17 10:18 392960 ----a-r- c:\windows\system32\drivers\senfilt.sys
    2009-09-21 12:07 . 2005-05-04 01:20 53248 ------w- c:\windows\system32\wdmioctl.dll
    2009-09-21 12:07 . 2001-09-11 07:20 1285632 ------w- c:\windows\system32\SMMedia.dll
    2009-09-21 12:07 . 2009-09-21 12:07 -------- d-----w- c:\program files\Analog Devices
    2009-09-21 12:07 . 2005-09-26 08:20 49152 ----a-w- c:\windows\system32\DSndUp.exe
    2009-09-21 12:07 . 2002-04-17 07:05 45056 ------w- c:\windows\system32\CleanUp.exe
    2009-09-21 11:58 . 2009-09-21 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-09-21 11:48 . 2009-09-21 11:48 -------- d-----w- c:\program files\Realtek
    2009-09-21 11:48 . 2009-06-24 02:43 831488 ----a-w- c:\windows\RtlExUpd.dll
    2009-09-21 11:43 . 2009-10-04 16:08 -------- d-----w- c:\windows\system32\NtmsData
    2009-09-13 15:27 . 2009-09-13 15:27 -------- d-----w- c:\program files\Pervasive Software
    2009-09-13 15:27 . 2009-09-13 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Pervasive Software
    2009-09-13 15:26 . 2009-09-13 15:26 9926 ----a-w- c:\windows\PriorPervasive.reg
    2009-09-13 15:26 . 2009-09-13 15:26 740 ----a-w- c:\windows\PSODBCEI.reg
    2009-09-13 15:26 . 2009-09-13 15:26 740 ----a-w- c:\windows\PSODBCCI.reg
    2009-09-13 15:26 . 2009-09-13 15:26 470 ----a-w- c:\windows\PSOA.reg
    2009-09-13 15:09 . 2009-09-13 15:28 -------- d-----w- c:\documents and settings\Bryant\Application Data\Peachtree
    2009-09-13 15:09 . 2009-09-13 15:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Peachtree
    2009-09-13 15:07 . 2008-05-03 07:36 2134016 ----a-w- c:\windows\system32\cdintf251.dll
    2009-09-13 15:07 . 2009-10-04 18:08 -------- d-----w- c:\windows\Crystal
    2009-09-13 15:06 . 2009-10-04 18:08 -------- d-----w- c:\program files\Common Files\Peach
    2009-09-13 15:05 . 2009-09-13 15:05 -------- d-----w- c:\program files\Business Objects
    2009-09-13 15:03 . 2009-09-16 16:26 -------- d-----w- c:\program files\Common Files\Pervasive Software Shared
    2009-09-13 15:03 . 2009-09-13 15:04 -------- d-----w- c:\program files\Sage Software
    2009-09-13 15:02 . 2009-09-13 15:02 -------- d-----w- c:\windows\PeachInst

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-05 15:15 . 2008-10-11 11:08 -------- d-----w- c:\documents and settings\Bryant\Application Data\BitTorrent
    2009-10-05 12:40 . 2009-05-13 17:19 -------- d-----w- c:\program files\Steam
    2009-10-05 12:10 . 2008-10-11 08:44 70792 ----a-w- c:\documents and settings\Bryant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-05 11:49 . 2008-10-11 11:03 -------- d-----w- c:\documents and settings\Bryant\Application Data\DNA
    2009-10-05 11:00 . 2008-10-11 09:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-05 10:52 . 2008-10-11 11:03 -------- d-----w- c:\program files\DNA
    2009-10-04 17:44 . 2008-10-11 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-10-03 07:41 . 2008-10-26 03:48 -------- d-----w- c:\documents and settings\Bryant\Application Data\Audacity
    2009-09-27 18:20 . 2008-10-18 10:30 -------- d-----w- c:\documents and settings\Bryant\Application Data\Apple Computer
    2009-09-27 18:17 . 2008-10-18 10:29 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-27 18:16 . 2009-06-05 04:43 -------- d-----w- c:\program files\QuickTime
    2009-09-24 15:06 . 2008-11-29 06:26 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-09-24 10:02 . 2008-10-13 15:56 -------- d-----w- c:\program files\Warcraft III
    2009-09-24 07:37 . 2009-08-09 16:06 -------- d-----w- c:\program files\Garena
    2009-09-23 16:15 . 2009-08-12 15:10 -------- d-----w- c:\program files\SeekService
    2009-09-23 01:35 . 2009-08-12 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
    2009-09-22 17:05 . 2008-10-11 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-20 13:13 . 2009-03-29 11:14 2346 ----a-w- c:\windows\War3Unin.dat
    2009-09-06 12:40 . 2009-09-06 06:22 -------- d-----w- c:\program files\eSignal
    2009-09-06 12:39 . 2009-09-06 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\performance
    2009-09-06 12:26 . 2009-09-06 12:26 -------- d-----w- c:\documents and settings\Bryant\Application Data\eSignal
    2009-09-06 06:36 . 2009-09-06 03:56 -------- d-----w- c:\program files\Equis
    2009-09-06 06:23 . 2009-09-06 06:23 -------- d-----w- c:\documents and settings\Bryant\Application Data\counters
    2009-09-06 06:22 . 2009-09-06 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\eSignal
    2009-09-04 21:43 . 2009-09-03 08:09 -------- d-----w- c:\program files\AmiBroker
    2009-08-28 11:42 . 2009-03-12 03:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 11:42 . 2008-10-18 10:30 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-24 16:30 . 2009-08-24 16:30 -------- d-----w- c:\program files\Common Files\Mediafour
    2009-08-24 16:30 . 2009-08-24 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Mediafour
    2009-08-24 16:30 . 2009-08-24 16:30 -------- d-----w- c:\program files\Mediafour
    2009-08-17 12:30 . 2008-10-14 15:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-17 12:30 . 2008-10-14 15:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-17 12:30 . 2008-10-14 15:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-13 22:58 . 2009-10-04 17:48 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-12 15:17 . 2009-08-12 15:17 -------- d-----w- c:\documents and settings\Bryant\Application Data\Cool Record Edit Pro
    2009-08-12 15:13 . 2009-08-12 15:13 -------- d-----w- c:\documents and settings\Bryant\Application Data\Free Sound Recorder
    2009-08-12 14:44 . 2008-10-26 03:51 -------- d-----w- c:\program files\Audacity
    2009-08-11 15:30 . 2009-05-22 06:30 -------- d-----w- c:\documents and settings\Bryant\Application Data\U3
    2009-08-09 18:27 . 2008-10-18 10:39 -------- d-----w- c:\documents and settings\Bryant\Application Data\dvdcss
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe "= "c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
    "AcronisTimounterMonitor "= "c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall "= "c:\windows\system32\tscupgrd.exe" [2004-03-11 44544]
    "nltide_3 "= "advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc "=3 (0x3)
    "TryAndDecideService "=2 (0x2)
    "SeekService Service "=2 (0x2)
    "sdCoreService "=3 (0x3)
    "sdAuxService "=3 (0x3)
    "O&O Defrag "=2 (0x2)
    "NVSvc "=2 (0x2)
    "nSvcLog "=2 (0x2)
    "nSvcIp "=2 (0x2)
    "MacDriveService "=2 (0x2)
    "JavaQuickStarterService "=2 (0x2)
    "idsvc "=3 (0x3)
    "IDriverT "=3 (0x3)
    "ForcewareWebInterface "=2 (0x2)
    "ForceWare Intelligent Application Manager (IAM) "=2 (0x2)
    "FLEXnet Licensing Service "=3 (0x3)
    "FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe "=2 (0x2)
    "Bonjour Service "=2 (0x2)
    "avg8wd "=2 (0x2)
    "AVG Anti-Spyware Guard "=2 (0x2)
    "Ast Service "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "SoundMAX "= "c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
    "Gainward "=c:\windows\TBPanel.exe /A
    "razer "=c:\program files\Razer\razerhid.exe
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "OpwareSE4 "= "c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe "
    "NeroFilterCheck "=c:\windows\system32\NeroCheck.exe
    "OSSelectorReinstall "=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    "NvCplDaemon "=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz "=nwiz.exe /install
    "NvMediaCenter "=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "SoundMAXPnP "=c:\program files\Analog Devices\Core\smax4pnp.exe
    "AVG8_TRAY "=c:\progra~1\AVG\AVG8\avgtray.exe
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe "
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "Microsoft Update Machine "=gzvorw.exe
    "AcronisTimounterMonitor "=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe "
    "H2O "=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "TrueImageMonitor.exe "=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesdisabled]
    "Microsoft Update Machine "=gzvorw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\lancraft\\mirc.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\lancraft\\lancraft.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\WINDOWS\\system32\\cvlu.exe "=
    "c:\\Program Files\\Garena\\Garena.exe "=
    "c:\\Program Files\\Steam\\steamapps\\weejiayin\\team fortress 2\\hl2.exe "=
    "c:\\Program Files\\Steam\\steam.exe "=
    "c:\\Program Files\\SoulseekNS\\slsk.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe "=
    "c:\\SRN Micro\\SOLOCFG.EXE "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "94:TCP "= 94:TCP:VRS Recording System Web Control Panel
    "81:TCP "= 81:TCP:Axon Virtual PBX Web Server
    "4100:UDP "= 4100:UDP:uPNP Router Control Port
    "1583:TCP "= 1583:TCP:pervasive DBEngine
    "3351:TCP "= 3351:TCP:pervasive DBEngine

    R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/5/2007 3:01 PM 277888]
    R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 11:15 AM 19072]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2009 1:48 AM 206256]
    R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [1/22/2009 9:46 PM 134272]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/14/2008 11:00 PM 335240]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [10/11/2008 6:46 PM 33792]
    R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2/5/2009 9:08 PM 227072]
    S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [10/11/2008 5:00 PM 13225]
    S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [9/23/2009 1:00 AM 157696]
    S4 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe --> c:\windows\system32\\AstSrv.exe [?]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/14/2008 11:00 PM 297752]
    S4 FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe;FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe;c:\program files\Electronic Arts\Red Alert 3\FAH.exe -svcstart --> c:\program files\Electronic Arts\Red Alert 3\FAH.exe -svcstart [?]
    S4 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 2:55 PM 143360]
    S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/5/2009 1:47 AM 348824]
    S4 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [9/23/2009 9:35 AM 54784]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 203.160.1.66:80
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    FF - ProfilePath - c:\documents and settings\Bryant\Application Data\Mozilla\Firefox\Profiles\9tyetw8m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-06 21:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    "ServiceDll "= "c:\windows\system32\es.dll "

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION "= "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 "
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
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(852)
    c:\windows\system32\relog_ap.dll
    c:\windows\system32\nvappfilter.dll

    - - - - - - - > 'explorer.exe'(1768)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-06 21:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-06 13:55
    ComboFix2.txt 2009-10-05 11:16

    Pre-Run: 37,194,293,248 bytes free
    Post-Run: 37,099,409,408 bytes free

    314 --- E O F --- 2009-03-15 23:26
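    The "Reg Loading Points" section of the ComboFix log above is where an analyst looks for autostart entries and policy changes that deserve a second look. As an added example, not part of this thread and not ComboFix's or the forum's own tooling, the Python script below parses that REGEDIT4-style section and, on entries copied from the log above, flags autostart values whose image is a bare file name (gzvorw.exe, but also the legitimate nwiz.exe), the DisableCAD lockout policy, and the Security Center override; the check lists are my assumptions, and every hit still needs manual confirmation.

```python
"""Triage of a ComboFix 'Reg Loading Points' section (REGEDIT4 layout).

Added example for this thread, not ComboFix's, DDS's or the forum's tooling.
The check lists are assumptions about what deserves a second look; a hit
means "confirm by hand", never "this is malware".
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: entries copied from the log posted above, in the
# spacing the forum rendered them with ('"name "= value').
SAMPLE_LOG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"NvCplDaemon "=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz "=nwiz.exe /install
"Microsoft Update Machine "=gzvorw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesdisabled]
"Microsoft Update Machine "=gzvorw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Tolerates the forum's stray space before the closing quote of the name.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*?)\s*$')

AUTOSTART_SUFFIXES = ('\\run', '\\runonce', '\\rundisabled',
                      '\\runservices', '\\runservicesdisabled')
# DisableCAD is the lockout policy in this log; the other two are its usual
# companions (Task Manager and regedit) and are checked on the same basis.
LOCKOUT_POLICIES = {'disablecad', 'disabletaskmgr', 'disableregistrytools'}
# Security Center values that silence the "no AV / no firewall" warnings.
SC_OVERRIDES = {'antivirusoverride', 'antivirusdisablenotify',
                'firewalldisablenotify', 'updatesdisablenotify'}


def parse_loading_points(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {registry key: [(value name, raw value), ...]} in log order."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = m.group('key')
            sections.setdefault(current, [])
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current].append((m.group('name'), m.group('value')))
    return sections


def image_of(value: str) -> str:
    """Launched file: quoted path, the DLL of a rundll32 line, or first token."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end].strip() if end > 0 else value[1:]
    tokens = value.split()
    if len(tokens) > 1 and tokens[0].lower() in ('rundll32', 'rundll32.exe'):
        return tokens[1].split(',', 1)[0]
    return tokens[0] if tokens else ''


def reg_number(value: str) -> int:
    """Integer behind '1 (0x1)' or 'dword:00000001'; 0 when unparseable."""
    m = re.match(r'dword:([0-9a-fA-F]+)', value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'\d+', value)
    return int(m.group(0)) if m else 0


def triage(sections: Dict[str, List[Tuple[str, str]]]) -> List[Tuple[str, str, str]]:
    """(registry key, value name, reason) for entries to confirm by hand."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        for name, value in values:
            lname, image = name.lower(), image_of(value)
            if k.endswith(AUTOSTART_SUFFIXES) and image and '\\' not in image:
                # A bare file name leaves no directory to inspect. Legitimate
                # vendor entries (nwiz.exe here) do this too, so check the
                # file's location and publisher instead of acting on the hit.
                findings.append((key, name, 'autostart image has no directory'))
            elif (k.endswith('\\policies\\system') and lname in LOCKOUT_POLICIES
                  and reg_number(value)):
                findings.append((key, name, 'user lockout policy is set'))
            elif (k.endswith('\\security center') and lname in SC_OVERRIDES
                  and reg_number(value)):
                findings.append((key, name, 'Security Center warning suppressed'))
    return findings
```

Run against the sample it reports five findings: DisableCAD, nwiz, Microsoft Update Machine (twice, once per key) and AntiVirusOverride, while the fully-pathed iTunesHelper and NvCplDaemon entries pass.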
     
  7. 2009/10/06
    broni (Moderator, Malware Analyst)
    My instructions clearly say not to make any other changes to the computer other than those I request. Please reverse all changes.

    ============================================================

    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between "combofix" and "/u".
    Restart computer.

    ==============================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!


    STEP 3.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2009/10/07
    Zephyrinus (Inactive, Thread Starter)
    Sorry about that. I reversed all the changes I've made and followed your instructions. SUPERAntiSpyware did not detect any threats on my computer, but Malwarebytes' Anti-Malware detected 6 threats. Here's the log:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2919
    Windows 5.1.2600 Service Pack 3

    10/7/2009 11:26:03 PM
    mbam-log-2009-10-07 (23-26-03).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 227749
    Time elapsed: 34 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Bryant\Desktop\Completed Torrents\MakeMusic Finale 2008 3CD's Incl Keygen\keygen.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
    C:\Program Files\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5A67A0C4-E200-4FA1-9BDA-3887305A60A2}\RP1\A0000123.sys (Worm.Agent) -> Quarantined and deleted successfully.
    C:\winfile.jpg (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winjpg.jpg (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
     
  9. 2009/10/07
    Zephyrinus (Inactive, Thread Starter)
    Sorry, I forgot to add my HijackThis log. Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:59:39 PM, on 10/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\SRNMIC~1\SOLOSENT.EXE
    C:\SRNMIC~1\SOLOCFG.EXE
    C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
    C:\WINDOWS\V0330Mon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\cvlu.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FahCore_7c.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SeekService\seekservice.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.160.1.66:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
    O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
    O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe "
    O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [App] C:\WINDOWS\system32\cvlu.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1223717228042
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ast Service - Unknown owner - C:\WINDOWS\system32\\AstSrv.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe - Stanford University - C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

    --
    End of file - 12404 bytes
     
  10. 2009/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How are the issues right now?

    I recommend, you remove NVIDIA ActiveArmor hardware firewall built into nVidia nForce motherboard chipsets.
    It's known for causing a lot of problems.

    Open Notepad.
    Copy, and paste text below:

    Save it as nvidia.bat

    Run it, by doubleclicking on nvidia.bat

    Restart computer.

    ==================================================================

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.
     
  11. 2009/10/09
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    Joined:
    2009/10/04
    Messages:
    9
    Likes Received:
    0
    My computer's fine now; it is working fine. I removed NVIDIA ActiveArmor.

    However, Dr.Web CureIt crashes when I run a complete scan about 20% into the scan:

    z69I5XP.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

    And then it will ask me if I want to send an error report to Microsoft.
     
  12. 2009/10/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download, and install AVP Tool.
    After installation, leave all settings as they are, and simply click on the Scan button.
    When scan is done, and any objects are found, click on Neutralize all button.
    Next, click Reports... button, then Save to file....
    Save the file to a known location as report.txt.
    Open report.txt in Notepad, copy all content, and post it in your next reply.

    Post fresh HijackThis log as well.
     
  13. 2009/10/10
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    Joined:
    2009/10/04
    Messages:
    9
    Likes Received:
    0
    Here is my reports log:

    Scan
    ----
    Scanned: 3102
    Detected: 0
    Untreated: 0
    Start time: 10/11/2009 3:03:03 AM
    Duration: 00:01:16
    Finish time: 10/11/2009 3:04:19 AM


    Detected
    --------
    Status Object
    ------ ------


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    10/11/2009 3:03:07 AM Running module: smss.exe\smss.exe ok scanned


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Recommended
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search No
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----




    and the new HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:14:26 AM, on 10/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.160.1.66:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1223717228042
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    --
    End of file - 5702 bytes
     
  14. 2009/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I believe, you forgot to fully re-enable AVG, so please, correct it.
    Or...lower part of HJT is cut off, because I can't see any O23 entries.

    ==================================================================

    Please, uninstall AVG Anti-Spyware 7.5. It's not functional anymore.

    ================================================================

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    - O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized



    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    - O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    - O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
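As an added example (not part of the thread, and not a HijackThis feature), a small Python helper that does by script what the steps above ask the poster to do by hand: parse the R*/O* lines of a HijackThis log, flag the entries HijackThis itself marks as unresolved, and compare the before and after logs to confirm the checked entries are gone and to list anything new. The log excerpts inside it are constructed from entries posted in this thread; the function names are mine.

```python
import re
from dataclasses import dataclass

# Markers HijackThis prints when it cannot resolve an entry's target or vendor.
# They are review prompts, not verdicts: "Unknown owner" also shows on legitimate
# services that ship without a vendor string (the Acronis service in this thread).
UNRESOLVED_MARKERS = ("(no file)", "(file missing)", "Unknown owner")

# "O4 - HKLM\..\Run: [...]": a section tag, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*\S)\s*$")


@dataclass(frozen=True)
class Entry:
    section: str  # "R1", "O4", "O23", ...
    body: str     # text after the section tag

    def normalized(self) -> str:
        # Forum software inserts a blank before a closing quote ('...exe "');
        # drop it so the same entry compares equal across two pasted logs.
        return re.sub(r'\s+"(?=\s|$)', '"', f"{self.section} - {self.body}")


def parse_hjt(log_text: str) -> list[Entry]:
    """Return the R*/O* entries of a log; headers, the process list and the
    trailer are skipped, and a leading '- ' (fix-list form) is tolerated."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip().lstrip("- "))
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def flag_unresolved(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Pair each entry with the first marker that makes it worth a look."""
    flagged = []
    for e in entries:
        for marker in UNRESOLVED_MARKERS:
            if marker in e.body:
                flagged.append((e, marker))
                break
    return flagged


def verify_fix(before_log: str, after_log: str, fix_list: str) -> dict[str, list[str]]:
    """Compare logs from before and after a 'Fix checked' run.
    still_present: fix-list entries that survived (re-created at reboot?)
    not_in_before: fix-list entries the earlier log never had
    appeared:      entries new in the later log, still to be reviewed"""
    before = {e.normalized() for e in parse_hjt(before_log)}
    after = {e.normalized() for e in parse_hjt(after_log)}
    to_fix = {e.normalized() for e in parse_hjt(fix_list)}
    return {
        "still_present": sorted(to_fix & after),
        "not_in_before": sorted(to_fix - before),
        "appeared": sorted(after - before),
    }


# Constructed excerpts of the logs and fix list posted in this thread; the
# MSConfig line is left out of the "before" excerpt to exercise not_in_before.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""
AFTER_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ast Service - Unknown owner - C:\WINDOWS\system32\\AstSrv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 10779 bytes
"""
FIX_LIST = r"""- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
- O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
- O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
- O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
- O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for entry, why in flag_unresolved(parse_hjt(AFTER_LOG)):
        print(f"review [{why}]: {entry.normalized()}")
    for key, lines in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{key}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An empty still_present list together with a short appeared list is the script's equivalent of the "Excellent" verdict later in the thread; anything in still_present is the entry to re-check.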
     
  15. 2009/10/10
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    Joined:
    2009/10/04
    Messages:
    9
    Likes Received:
    0
    I couldn't find:
    - O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

    But I've checkmarked and fixed the rest, and enabled AVG as instructed. Here is my new log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:34:06 PM, on 10/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
    C:\WINDOWS\V0330Mon.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Electronic Arts\Red Alert 3\FahCore_7c.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.160.1.66:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe "
    O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1223717228042
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ast Service - Unknown owner - C:\WINDOWS\system32\\AstSrv.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FAH@C:+Program Files+Electronic Arts+Red Alert 3+FAH.exe - Stanford University - C:\Program Files\Electronic Arts\Red Alert 3\FAH.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

    --
    End of file - 10779 bytes
     
  16. 2009/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Excellent :)


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure, Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please, let me know, how is your computer doing.
     
  17. 2009/10/11
    Zephyrinus

    Zephyrinus Inactive Thread Starter

    Joined:
    2009/10/04
    Messages:
    9
    Likes Received:
    0
    Thank you so much for all your time, patience and help! My computer is running fine now and I am very grateful =) You guys are really awesome to do this for free. BIG THANKS!
     
  18. 2009/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Happy surfing :)
     
