Answer» Had a very similar problem; here is the log that I got after running COMBOFIX. Wonder if we're downloading the same thing.
ComboFix 09-03-15.01 - Stan 2009-03-18 21:22:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1159 [GMT -4:00]
Running from: c:\documents and settings\Stan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\gaopdxaklnqqoroeeiwqmmnaijgvjngukftvxo.sys
c:\windows\system32\drivers\gaopdxrmyvymqskltenbgixudpskjwbpjovutm.sys
c:\windows\system32\drivers\gaopdxyapuxrdlvnrwkpbivaqxdoltfmrqvmph.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxxmumdbjduxdltoirkhfrhpabrnoretfm.dll
Z:\Autorun.inf
z:\recycler\S-1-4-31-100013720-100003350-100027788-1077.com
z:\recycler\S-5-3-59-100026097-100009182-100004493-3868.com
z:\recycler\S-5-5-81-100002894-100007065-100025522-8070.com
z:\recycler\S-9-9-13-100003843-100027127-100021430-4327.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-18 18:49 . 2009-03-18 18:49 d-------- c:\documents and settings\Stan\Application Data\TrojanHunter
2009-03-18 18:14 . 2009-03-18 18:14 d-------- c:\program files\TrojanHunter 5.0
2009-03-17 23:01 . 2009-03-17 23:01 d-------- C:\Mdtcm
2009-03-16 22:10 . 2009-03-16 22:10 d--h----- C:\$AVG8.VAULT$
2009-03-16 22:01 . 2009-03-16 22:01 d-------- c:\windows\system32\drivers\Avg
2009-03-16 22:01 . 2009-03-16 22:01 d-------- c:\program files\AVG
2009-03-16 22:01 . 2009-03-16 22:01 d-------- c:\documents and settings\Stan\Application Data\AVGTOOLBAR
2009-03-16 22:01 . 2009-03-16 22:01 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-16 22:01 . 2009-03-16 22:01 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-16 22:01 . 2009-03-16 22:01 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-16 22:01 . 2009-03-16 22:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-16 20:43 . 2009-01-26 15:31 414,552 --a------ c:\windows\system32\123.scr
2009-03-16 20:36 . 2009-03-16 21:21 d-------- c:\program files\Spybot - Search & Destroy
2009-03-16 20:36 . 2009-03-16 21:13 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-16 20:11 . 2009-03-16 20:11 d-------- c:\documents and settings\Administrator
2009-03-16 20:00 . 2009-03-16 20:01 d-------- c:\program files\Spyware Doctor
2009-03-16 20:00 . 2009-03-16 20:00 d-------- c:\program files\Common Files\PC Tools
2009-03-16 20:00 . 2009-03-16 20:00 d-------- c:\documents and settings\Stan\Application Data\PC Tools
2009-03-16 20:00 . 2009-03-18 19:25 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 20:00 . 2009-03-16 20:00 d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-16 20:00 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-16 20:00 . 2009-03-06 16:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-16 20:00 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-16 20:00 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-16 17:44 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 01:20 --------- d-----w c:\documents and settings\Stan\Application Data\DNA
2009-03-18 23:25 --------- d-----w c:\program files\DNA
2009-03-18 23:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-18 22:49 --------- d-----w c:\documents and settings\Stan\Application Data\U3
2009-03-16 11:37 --------- d-----w c:\program files\Norton Internet Security
2009-03-16 01:29 --------- d-----w c:\documents and settings\Stan\Application Data\BitTorrent
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-24 20:36 --------- d-----w c:\program files\BitTorrent
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"j2 4.4"="c:\program files\j2 Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-24 342848]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-10-16 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-23 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-23 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 122880]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 71280]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-10-22 70840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-03 4800512]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 163840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-16 1932568]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472]
c:\documents and settings\Stan\Start Menu\Programs\Startup\
jConnect 4.4.lnk - c:\program files\j2 Messenger 4.4\J2GTray.exe [2008-10-07 656896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-06 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-16 22:01 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-16 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-16 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-16 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-16 298264]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-08-22 6016]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2006-03-24 23296]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-16 348752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-9-9-13-100003843-100027127-100021430-4327.com c:\
\Shell\Open\command - c:\recycler\S-9-9-13-100003843-100027127-100021430-4327.com c:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-9-9-13-100003843-100027127-100021430-4327.com z:\
\Shell\Open\command - z:\recycler\S-9-9-13-100003843-100027127-100021430-4327.com z:\
.
Contents of the 'Scheduled Tasks' folder
2009-03-14 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 18:22]
2009-03-19 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-AVG7_RegCleaner - c:\progra~1\Grisoft\AVG7\avgregcl.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uInternet Connection Wizard,ShellNext = hxxp://estore.sonic.com/upgrades/purchase.asp?srnm=C5HL2KVAEPDSS4JGR&lang=ENU&id=40
uInternet Settings,ProxyServer = 192.168.1.1
uInternet Settings,ProxyOverride =
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Stan\Application Data\Mozilla\Firefox\Profiles\x5uhg4ro.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:26:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-18 21:28:38
ComboFix-quarantined-files.txt 2009-03-19 01:28:32
Pre-Run: 101,167,312,896 bytes free
Post-Run: 101,278,400,512 bytes free
173 --- E O F --- 2009-03-16 21:46:33

I'm not an expert, but why do you have AVG / Norton / McAfee / Spyware with antivirus all on your PC?
harry

You have way TOO MUCH protection on this computer. Running multiple security programs at once can actually offer less protection.
Disable Spybot's TeaTimer
While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with our fixes. Please disable TeaTimer.
1. Right click Spybot in the System TRAY (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D RESIDENT.
2. Run Spybot S&D.
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt and Restart your computer.
Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.
----------
AVG Anti-Virus Free
McAfee VirusScan
Spyware Doctor with AntiVirus
The real-time protection of multiple antivirus programs may conflict with each other and cause the following:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
3) Performance: More than one antivirus will cause your PC to become slow, and it may even crash or blue screen.
Please uninstall all but ONE antivirus now.
----------
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C.
Code:
KillAll::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save the file to your Desktop.
6. Then drag the CFScript (hold the left MOUSE button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
----------
Download Malwarebytes' Anti-Malware (MBAM)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is FOUND, it will download and install the LATEST version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
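Added example, not code from the thread or from the ComboFix author: a small Python parser for the "Reg Loading Points" part of a ComboFix log that flags the MountPoints2 shell commands launching a file out of a RECYCLER folder (the entries the CFScript above removes) and the switched-off defenses in Stan's log (Security Center alerts, Windows Firewall, the open RDP port). The excerpt is constructed from values in the log above, and the function names are my own.

```python
import re

# Constructed excerpt in ComboFix's "Reg Loading Points" layout (not the poster's full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-9-9-13-100003843-100027127-100021430-4327.com c:\
\Shell\Open\command - c:\recycler\S-9-9-13-100003843-100027127-100021430-4327.com c:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

# (key suffix, value prefix, finding): registry values that mean a defense was switched off.
WEAKENING = [
    ("security center", '"antivirusdisablenotify"=dword:00000001', "Security Center AV alerts disabled"),
    ("firewallpolicy\\standardprofile", '"enablefirewall"= 0', "Windows Firewall disabled"),
    ("globallyopenports\\list", '"3389:tcp"', "RDP port 3389 opened in the firewall"),
]
SHELL_CMD = re.compile(r"\\shell\\(autorun|open)\\command\s+-\s+(.+)", re.I)

def parse_reg_sections(text):
    """Group the lines under each [KEY] header, as ComboFix prints them."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current, sections[line[1:-1]] = line[1:-1], []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def find_autorun_hijacks(sections):
    """MountPoints2 shell commands that launch a file out of a RECYCLER folder (the worm pattern above)."""
    hits = []
    for key, lines in sections.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        for m in filter(None, map(SHELL_CMD.match, lines)):
            if "recycler" in m.group(2).lower():
                hits.append((key.rsplit("\\", 1)[-1], m.group(1).lower(), m.group(2)))  # (drive, verb, command)
    return hits

def find_weakened_defenses(sections):
    """Settings the cleanup should restore once the infection is removed."""
    return [msg for key, lines in sections.items() for suffix, prefix, msg in WEAKENING
            if key.lower().endswith(suffix) and any(l.lower().startswith(prefix) for l in lines)]
```

The F: entry (a U3 flash drive launcher) is left alone because it does not point into a RECYCLER folder, which is the distinction a responder has to make before writing the CFScript.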