Hi today I scaned my PC and I found 3 viruses . I deleted the viruses and I downloaded a program . I scaned it and it was infected ... so I deleted it. I shut down my computer and when I turned on it appears this "Services and Controller app has encountered a problem and needs to close"...
Please help me to remove the virus...
Heres the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:16 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Fam. Berendea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Fam. Berendea\Desktop\Hijack.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Fam. Berendea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fam. Berendea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fam. Berendea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &d&ownload &with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &d&ownload all video with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &d&ownload all with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {d18a0b52-d63c-4ed0-afc6-c1e3dc1af43a} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: QoS RSVP RSVPclr_optimization_v2.0.50727_32 (RSVPclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\system32\adsntj.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11672 bytes

Please help ... My computer is continuously restarting

[I]Edit
Bump and Topic Will Be Closed (http://forums.spybot.info/showpost.php?p=219168&postcount=6)

Sorry, everyone who starts a topic needs help. :)

Hi Berendea

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

This is :
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Age of Empires III
Ask Toolbar
Atheros Client Utility
Atheros Driver Installation Program
avast! Antivirus
BitComet 1.12
Bluetooth Stack for Windows by Toshiba
Burnout(TM) Paradise The Ultimate Box
Camera Assistant Software for Toshiba
ffdshow [rev 2832] [2009-03-28]
Free Realms Installer
Global Mapper 9
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
igLoader
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java(TM) 6 Update 14
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Monster Trucks Nitro Demo
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
MV2Player (remove only)
Need for Speed™ Undercover
Nero 8
neroxml
P2P_Energy Toolbar
P2P_Torrent Toolbar
PDFCreator
PowerDVD
PowerISO
RCT3 Soaked
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2
RollerCoaster Tycoon® 3
Skype™ 4.0
Synaptics Pointing Device Driver
TorrentMan Toolbar
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA Power Saver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
Total Commander (Remove or Repair)
TUGZip 3.5
USB 2.0 Card Reader
VCRedistSetup
Winamp
Windows Communication Foundation
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Widgets

I scaned the computer with AVG and it found a trojan and I deleted it, but it still restarting in 60 seconds. Is possible that the virus deleted something from Windows? The computer is not restarting every time ... Once appears this "Services and Controller app has encountered a problem and needs to close. We are sorry for the inconvenience." and once the computer is working normaly.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet 1.12
P2P_Energy Toolbar
P2P_Torrent Toolbar
TorrentMan Toolbar

I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also this:

Ask Toolbar

Please run a new uninstall list scan when finished and post the log back here.

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Age of Empires III
Atheros Client Utility
Atheros Driver Installation Program
AVG Free 8.5
Bluetooth Stack for Windows by Toshiba
Burnout(TM) Paradise The Ultimate Box
Camera Assistant Software for Toshiba
ffdshow [rev 2832] [2009-03-28]
Free Realms Installer
Global Mapper 9
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
igLoader
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java(TM) 6 Update 14
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Monster Trucks Nitro Demo
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
MV2Player (remove only)
Need for Speed™ Undercover
Nero 8
neroxml
PDFCreator
PowerDVD
PowerISO
RCT3 Soaked
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Re-Volt - www.classic-gaming.net
RollerCoaster Tycoon 2
RollerCoaster Tycoon® 3
Skype™ 4.0
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA Power Saver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
Total Commander (Remove or Repair)
TUGZip 3.5
USB 2.0 Card Reader
VCRedistSetup
Winamp
Windows Communication Foundation
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Widgets

Today my AVG found a A0012831.exe and I start a new scan with Malwarebytes' Anti-Malware I hope I will find all viruses.
AVG found A0012831.exe because it wants to unpack it to Windows

That one is in system restore and inactive.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

I need to close AVG because yesterday I scaned the computer and I dont find anything ? But I will scan it again

Did you scan yesterday with kaspersky or with AVG?

With AVG and with Kaspersky too . With AVG first and it found 3 viruses and after that with kaspersky and it dont find anything. This morning appears an from AVG that I have A0012831.exe and a trojan. I moved the viruses to chest but I don find the virus wich makes this eror "Services and Controller app has encountered a problem and needs to close. We are sorry for the inconvenience.". So after this eror my PC is restarting after 60 sec .

We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

I hope this is that :
ComboFix 09-06-18.02 - Fam. Berendea 06/19/2009 13:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.2295 [GMT 3:00]
Running from: c:\documents and settings\Fam. Berendea\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\57a96cbe.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RSVPCLR_OPTIMIZATION_V2.0.50727_32
-------\Service_57a96cbe
-------\Service_RSVPclr_optimization_v2.0.50727_32


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 07:35 . 2009-06-19 10:23 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-06-19 07:35 . 2009-06-19 10:23 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-06-19 07:17 . 2009-06-19 07:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-19 07:16 . 2009-06-19 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-19 07:14 . 2009-06-19 10:28 -------- d-----w- C:\Security programs
2009-06-19 06:01 . 2009-06-19 06:01 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\Malwarebytes
2009-06-19 06:01 . 2009-06-17 08:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 06:01 . 2009-06-19 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-19 06:01 . 2009-06-19 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 06:01 . 2009-06-17 08:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 05:34 . 2009-06-19 05:34 -------- d-----w- c:\documents and settings\Fam. Berendea\Local Settings\Application Data\Help
2009-06-18 09:55 . 2009-06-19 06:21 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-18 09:48 . 2009-06-18 09:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-18 09:48 . 2009-06-18 09:48 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-18 09:48 . 2009-06-18 09:48 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-18 09:48 . 2009-06-18 09:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-18 09:48 . 2009-06-19 10:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-18 09:48 . 2009-06-18 09:48 -------- d-----w- c:\program files\AVG
2009-06-18 09:48 . 2009-06-18 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 12:31 . 2009-06-17 12:38 -------- d-----w- C:\HJT
2009-06-17 07:54 . 2009-06-17 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-11 12:31 . 2009-06-11 12:31 -------- d-----w- c:\documents and settings\Fam. Berendea\Local Settings\Application Data\Google
2009-06-11 08:55 . 2009-06-11 08:55 152576 ----a-w- c:\documents and settings\Fam. Berendea\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 11:05 . 2009-06-04 11:05 -------- d-----w- c:\documents and settings\Fam. Berendea\Local Settings\Application Data\Criterion Games
2009-06-01 17:13 . 2009-06-01 17:13 -------- d-----w- c:\windows\Sun
2009-05-24 15:28 . 2009-05-21 08:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-24 15:27 . 2009-06-11 08:56 -------- d-----w- c:\program files\Java
2009-05-24 15:27 . 2009-05-24 15:27 152576 ----a-w- c:\documents and settings\Fam. Berendea\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-23 10:46 . 2009-06-14 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-20 10:56 . 2009-05-20 10:56 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-20 10:56 . 2009-06-01 11:55 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-20 10:56 . 2009-06-01 11:55 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 10:46 . 2009-04-10 22:03 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\Skype
2009-06-19 10:46 . 2009-04-14 12:58 -------- d-----w- c:\program files\DNA
2009-06-19 10:46 . 2009-04-14 12:58 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\DNA
2009-06-19 07:02 . 2009-04-13 13:11 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\skypePM
2009-06-19 05:59 . 2009-06-19 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-19 05:32 . 2009-06-19 05:32 1071 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_694A72599FD5A214DA7C61B85A73C96A.dll
2009-06-19 05:02 . 2009-04-24 18:28 -------- d-----w- c:\program files\TorrentMan
2009-06-19 05:02 . 2009-05-06 18:13 -------- d-----w- c:\program files\BitComet
2009-06-03 13:18 . 2009-05-19 16:34 100 --s-a-w- c:\windows\system32\3829780267.dat
2009-05-24 15:29 . 2009-04-10 18:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-19 16:14 . 2009-04-10 14:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 16:14 . 2009-05-19 16:14 1180 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-05-18 18:15 . 2009-05-18 18:15 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-18 16:35 . 2009-04-10 13:25 70840 ----a-w- c:\documents and settings\Fam. Berendea\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 12:43 . 2009-05-18 12:43 161168 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-18 12:36 . 2009-05-14 12:20 -------- d-----w- c:\program files\Microsoft Games
2009-05-16 18:47 . 2009-04-10 18:49 -------- d-----w- c:\program files\MSBuild
2009-05-16 18:44 . 2009-05-16 18:44 -------- d-----w- c:\program files\Reference Assemblies
2009-05-16 08:20 . 2009-05-15 18:59 -------- d-----w- c:\program files\GlobalMapper9
2009-05-14 12:52 . 2009-05-14 12:52 -------- d-----w- c:\program files\MSXML 4.0
2009-05-14 11:44 . 2009-05-14 11:44 -------- d-----w- c:\program files\PowerISO
2009-05-13 15:37 . 2009-05-13 15:37 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\CyberLink
2009-05-07 14:55 . 2009-05-07 14:55 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\InstallShield Installation Information
2009-05-07 14:54 . 2009-05-07 15:05 344064 ----a-w- c:\documents and settings\Fam. Berendea\Application Data\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2009-05-07 12:53 . 2009-04-24 12:25 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\uTorrent
2009-05-05 15:16 . 2009-05-05 15:15 -------- d-----w- c:\program files\Sony Online Entertainment
2009-05-03 13:40 . 2009-04-10 14:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-28 13:48 . 2009-04-28 13:48 -------- d-----w- c:\program files\IrfanView
2009-04-22 17:55 . 2009-04-22 17:54 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-04-22 17:54 . 2009-04-22 17:54 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-04-22 17:45 . 2009-04-22 17:45 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\Leadertech
2009-04-22 15:11 . 2009-04-22 15:11 -------- d-----w- c:\documents and settings\Fam. Berendea\Application Data\Atari
2009-04-13 13:11 . 2009-04-13 13:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-10 18:36 . 2009-04-10 12:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-10 17:59 . 2009-04-10 17:59 0 ----a-w- c:\windows\nsreg.dat
2009-04-10 14:12 . 2009-04-10 14:12 315392 ----a-w- c:\windows\HideWin.exe
2009-04-10 12:51 . 2009-04-10 12:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-14 321344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Fam. Berendea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-28 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-28 141848]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1024000]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-13 450648]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-18 1948440]
"NDSTray.exe"="NDSTray.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-08-28 16860672]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2008-07-30 266240]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Fam. Berendea\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-18 09:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Nicu\\Jocuri\\Burnout Paradise\\BurnoutLauncher.exe"=
"d:\\Nicu\\Jocuri\\Burnout Paradise\\BurnoutConfigTool.exe"=
"d:\\Nicu\\Jocuri\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9798:TCP"= 9798:TCP:BitComet 9798 TCP
"9798:UDP"= 9798:UDP:BitComet 9798 UDP

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/19/2009 10:17 AM 64160]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2009 12:48 PM 327688]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2009 12:48 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/18/2009 12:48 PM 298776]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [4/10/2009 6:48 PM 5888]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [4/10/2009 6:46 PM 57408]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1450960922-682003330-1003.job
- c:\documents and settings\Fam. Berendea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 12:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe


.
------- Supplementary Scan -------
.
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 13:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1796)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-06-19 13:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 10:48

Pre-Run: 24,954,597,376 bytes free
Post-Run: 26,477,678,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

229

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:21 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Documents and Settings\Fam. Berendea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fam. Berendea\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fam. Berendea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9253 bytes

Please download regsearch.zip (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip) and save it to your desktop.
Right click on regsearch.zip and select Extract All....
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
Click on the Browse button. Click on Desktop. Then click OK.
Once done, check (tick) the Show extracted files box and click Finish.
Double click on regsearch.exe to run it.
Copy and paste fystemroot under Enter search strings (case independent) and click OK... (boxed up in red in the screenshot below).

http://xs224.xs.to/xs224/08073/regsearch184.png

Click OK.
When done, RegSearch.txt will open. Please post the contents of this file in your next reply. This file can also be found on your desktop or wherever regsearch is extracted to.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/19/2009 4:57:24 PM for strings:
; 'fystemroot'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

; End Of The Log...

Download ERUNT from Derfisch (http://www.derfisch.de/lars/erunt-setup.exe) or MVPS (http://dundats.mvps.org/Files/erunt-setup.exe) and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT (http://www.silentrunners.org/sr_eruntuse.html) to back up your registry. Skip Step 19 for now.

-open registry : start -> run -> type regedit and hit enter

Go back to the top (left column) and do a search for %fystemroot% , via ctrl +f

On the open folder in the left panel : rightclick it -> select Permissions and set permissions (total control) for you (administrator) then apply and double click on the key (ImagePath), replace %fystemroot% with %SystemRoot%

Do so for every value it finds! (Use F3 to find next)

Reboot and post back a fresh HijackThis log, please.

I saw that one time when I turn on my computer I have 59 processes and one time 62 processes. It can be caused by a virus?
I will try to post tomorrow that log because I am not home ...

No that is due to amount of startup programs.

I can suggest which of them you can disable once your are clean :)

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.