
View Full Version : virus keeps disabling regedit and task manager



mj_joefox
2010-08-26, 08:49
This is with regard to my previous post, linked below. It has been 2 weeks since then and the problem is still there. I also cannot install any AV. Assistance will be highly appreciated and I will try my best to cooperate and follow every instruction needed.

http://forums.spybot.info/showthread.php?t=59113

Here is my DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 14:36:15.10 on Thu 08/26/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.319.71 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iNTERNET Turbo\iDetect.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ping.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TuneUp Utilities 2008\ProcessManager.exe
E:\torrent\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hronline/epic/index.aspx
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.microsoft.com
uDefault_Search_URL = hxxp://google.com
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.microsoft.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.microsoft.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {49E64823-59D0-4B60-8780-E89895DE46ED} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Detect] c:\program files\internet turbo\iDetect.exe /auto
mRunServices: [Detect] c:\program files\internet turbo\iDetect.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Show all images in original quality - c:\program files\www.cproxy.com\originalAll.htm
IE: Show image in original quality - c:\program files\www.cproxy.com\original.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {0295AC8D-3284-434C-A23F-68002BADC8EB} = 8.8.8.8,8.8.4.4
TCP: {E06F124E-9E6F-4429-A2C5-86C79C9B9DC7} = 202.138.128.50,202.138.128.54
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\SAPHTMLP.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\00stish2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1210541&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - OnlineSharing
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1210541&SearchSource=13
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\admin\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\00stish2.default\extensions\{2cd3c100-9961-4a31-bcd1-89fbe595770c}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\00stish2.default\extensions\{2cd3c100-9961-4a31-bcd1-89fbe595770c}\components\RadioWMPCore.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 wgppnt;wgppnt;c:\windows\system32\drivers\wgppnt.sys [2008-11-13 38212]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [2008-5-29 26624]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\inmkvn.sys --> c:\windows\system32\drivers\inmkvn.sys [?]
S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eboost.sys --> c:\windows\system32\drivers\eBoost.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 hfwmppb;hfwmppb;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-9-17 37488]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-25 102656]
S3 NetHook_ControlCenter;ArtOfPing ControlCenter;\??\c:\program files\autotunnel gg\controlcenter.sys --> c:\program files\autotunnel gg\ControlCenter.sys [?]
S3 NetHook_Interceptor;ArtOfPing TDI Interceptor;\??\c:\program files\autotunnel gg\interceptor.sys --> c:\program files\autotunnel gg\Interceptor.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-23 09:15:21 0 d-----w- c:\docume~1\admin\applic~1\Wireshark
2010-08-23 09:10:17 0 d-----w- c:\program files\WinPcap
2010-08-23 09:09:27 0 d-----w- c:\program files\Wireshark
2010-08-21 18:46:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-21 17:40:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-21 17:40:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-21 17:20:06 8 --sha-r- c:\documents and settings\admin\ntuser.pol
2010-08-21 17:17:15 0 d--h--w- c:\windows\system32\GroupPolicy
2010-08-21 14:08:05 5632 --sha-w- c:\windows\Thumbs.db
2010-08-21 14:08:04 5632 --sha-w- c:\windows\system32\Thumbs.db
2010-08-21 08:32:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 08:32:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 08:32:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 07:55:07 4608 ------w- c:\windows\system32\chkvdisk.exe
2010-08-18 07:52:43 0 d-----w- c:\windows\system32\configfix
2010-08-18 07:52:35 0 d-----w- c:\program files\Shield
2010-08-17 10:11:34 0 d-----w- C:\VundoFix Backups
2010-08-16 06:47:51 378305 ----a-w- C:\NewFolder.exe Removal.exe
2010-08-15 14:52:28 0 d-----w- c:\docume~1\admin\applic~1\Tor
2010-08-15 14:52:22 0 d-----w- c:\program files\Vidalia Bundle
2010-08-07 00:56:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-08-07 00:55:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-08-07 00:53:07 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-08-07 00:53:07 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-08-07 00:46:58 0 d-----w- c:\program files\common files\PCSuite
2010-08-07 00:46:34 0 d-----w- c:\program files\common files\Nokia
2010-08-07 00:45:08 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-08-07 00:43:39 0 d-----w- c:\program files\PC Connectivity Solution
2010-08-07 00:43:18 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-08-07 00:43:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-08-07 00:43:16 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-08-07 00:43:11 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-08-07 00:43:11 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-08-07 00:43:11 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-30 02:49:18 30 ----a-w- C:\AS400.NLS
2010-07-30 02:46:28 160 ----a-w- C:\AS400.KMP
2010-07-30 02:44:56 307250 ----a-w- c:\windows\system32\cwbaffax.dll
2010-07-30 02:44:54 864256 ----a-w- c:\windows\system32\cwbzzodb.dll
2010-07-30 02:44:53 442368 ----a-w- c:\windows\system32\cwbodbc.dll
2010-07-30 02:44:52 421888 ----a-w- c:\windows\system32\cwbtfutl.dll
2010-07-30 02:44:52 270386 ----a-w- c:\windows\system32\cwbtfcrt.dll
2010-07-30 02:44:52 163840 ----a-w- c:\windows\system32\cwbtfdlg.dll
2010-07-30 02:44:41 251 ----a-w- c:\windows\system32\drivers\hlldrvr.sys
2010-07-30 02:44:32 36864 ----a-w- c:\windows\system32\pcmfcenu.dll
2010-07-30 02:43:20 0 d-----w- c:\program files\IBM

==================== Find3M ====================

2010-08-07 00:52:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-07 00:52:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-25 17:07:24 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07:18 100880 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:03:12 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2008-11-09 01:45:32 2017321 -c--a-w- c:\program files\aresregular209_installer.exe
2001-09-10 15:10:36 61440 -c--a-w- c:\windows\inf\i386\onetUSD.dll
2001-09-06 15:58:14 139264 -c--a-w- c:\windows\inf\i386\Rtscan.dll
2001-08-18 01:43:24 32768 -c--a-w- c:\windows\inf\i386\Wiamicro.dll
2001-06-29 15:10:24 163840 -c--a-w- c:\windows\inf\i386\viceo.dll

============= FINISH: 14:37:12.83 ===============
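Added example, not part of DDS, Spybot or the posts above: a small Python triage that reads the lines of this log a practitioner would stop on. It flags the per-hive Explorer policies that disable Task Manager and regedit (the thread's symptom), browser proxy settings that point at loopback, Winsock LSPs, and services whose registered image is a generic Windows binary or a file DDS could not find. The sample lines are excerpted from the log above; the severities, the regular expressions and the two lists of "generic" binaries are this example's own assumptions, not anything DDS defines.

```python
import re

# Lines excerpted from the DDS log above (not constructed), trimmed to the
# sections this triage reads: Pseudo HJT Report and SERVICES / DRIVERS.
SAMPLE = r"""
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
uInternet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: c:\windows\system32\idmmbc.dll
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\inmkvn.sys --> c:\windows\system32\drivers\inmkvn.sys [?]
S2 hfwmppb;hfwmppb;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
"""

# DDS prefixes: u = current user (HKCU), m = machine (HKLM), d = default user (HKU\.DEFAULT).
HIVES = {"u": "HKCU", "m": "HKLM", "d": r"HKU\.DEFAULT"}
# The two Explorer policies behind "regedit and task manager keep getting disabled".
RESTRICTIVE_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
# Assumption (this example's own lists): a service registered against one of these
# binaries is not running its own code, so the ImagePath alone tells you nothing.
GENERIC_SERVICE_HOST = {"svchost.exe"}                  # valid for netsvcs-group services; the ServiceDll is what matters
NOT_A_SERVICE_BINARY = {"regedt32.exe", "regedit.exe"}  # Windows utilities, never a service image

POLICY_RE = re.compile(r"^([umd])Policies-system:\s+(\w+)\s*=\s*(\d+)")
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)$")
LSP_RE = re.compile(r"^LSP: (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
LOOPBACK_RE = re.compile(r"\b127\.0\.0\.1\b")


def service_image_basename(image_field):
    """Strip the '--> resolved path' suffix and any ' -k group' arguments, return the file name."""
    head = image_field.split(" --> ")[0].split(" -")[0].strip()
    return re.split(r"[\\/]", head)[-1].lower()


def triage(log_text):
    """Return a list of (severity, reason, line) for every line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            hive, name, value = m.group(1), m.group(2), int(m.group(3))
            if name in RESTRICTIVE_POLICIES and value == 1:
                findings.append(("HIGH", f"{HIVES[hive]} policy {name}=1 locks the user out of a recovery tool", line))
            continue
        m = IE_PROXY_RE.match(line) or FF_PROXY_RE.match(line)
        if m:
            if LOOPBACK_RE.search(line):
                findings.append(("REVIEW", "browser traffic routed to a local listener; identify the process on that port", line))
            continue
        if LSP_RE.match(line):
            findings.append(("REVIEW", "Winsock LSP sees every socket on the box; verify the DLL's publisher", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, image, stamp = m.groups()
            exe = service_image_basename(image)
            if stamp == "?":  # DDS prints [?] when it found no file date/size at the registered path
                findings.append(("REVIEW", f"service '{name}': DDS found no file at the registered path", line))
            if exe in NOT_A_SERVICE_BINARY:
                findings.append(("HIGH", f"service '{name}' points at {exe}, a Windows utility rather than a service binary", line))
            elif exe in GENERIC_SERVICE_HOST:
                findings.append(("REVIEW", f"service '{name}' runs inside {exe}; read its ServiceDll value to see what actually loads", line))
    return findings


def count_by_severity(findings):
    counts = {}
    for severity, _reason, _line in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE):
        print(f"[{severity:6}] {reason}\n         {line}")
    print(count_by_severity(triage(SAMPLE)))
```

The loopback proxies are rated REVIEW rather than HIGH on purpose: this machine has Tor/Polipo and cproxy installed, so 127.0.0.1:3128 and :9000 may be the user's own listeners, and only the owning process settles it. On the machine itself the three policy values live under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System and the same path under HKU\.DEFAULT; deleting them clears the symptom only until whatever writes them runs again. The "Created Last 30" section records c:\documents and settings\admin\ntuser.pol and c:\windows\system32\GroupPolicy appearing on 2010-08-21, and those are the files from which registry policy is re-applied at logon, so a restriction that returns after removal is worth checking there as well as in the running processes.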

shelf life
2010-08-29, 18:00
hi,

Your log is a few days old; if you still need help, post back.

mj_joefox
2010-08-30, 08:59
hi,

Your log is a few days old; if you still need help, post back.

Sorry for the delay. Here is my latest DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 14:49:20.74 on Mon 08/30/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.319.47 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iNTERNET Turbo\iDetect.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files\www.cproxy.com\CPROXY.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\proxytorr\uTorrent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
E:\torrent\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hronline/epic/index.aspx
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.microsoft.com
uDefault_Search_URL = hxxp://google.com
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.microsoft.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.microsoft.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {49E64823-59D0-4B60-8780-E89895DE46ED} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Detect] c:\program files\internet turbo\iDetect.exe /auto
mRunServices: [Detect] c:\program files\internet turbo\iDetect.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Show all images in original quality - c:\program files\www.cproxy.com\originalAll.htm
IE: Show image in original quality - c:\program files\www.cproxy.com\original.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {0295AC8D-3284-434C-A23F-68002BADC8EB} = 8.8.8.8,8.8.4.4
TCP: {C491FBD0-9A8C-4225-A314-F8B70D4C9BBB} = 202.126.40.5 222.127.143.5
TCP: {E06F124E-9E6F-4429-A2C5-86C79C9B9DC7} = 202.138.128.50,202.138.128.54
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\SAPHTMLP.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\00stish2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1210541&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - OnlineSharing
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1210541&SearchSource=13
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\admin\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\00stish2.default\extensions\{2cd3c100-9961-4a31-bcd1-89fbe595770c}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\00stish2.default\extensions\{2cd3c100-9961-4a31-bcd1-89fbe595770c}\components\RadioWMPCore.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 wgppnt;wgppnt;c:\windows\system32\drivers\wgppnt.sys [2008-11-13 38212]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [2008-5-29 26624]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\inmkvn.sys --> c:\windows\system32\drivers\inmkvn.sys [?]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-25 102656]
S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eboost.sys --> c:\windows\system32\drivers\eBoost.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 hfwmppb;hfwmppb;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-9-17 37488]
S3 NetHook_ControlCenter;ArtOfPing ControlCenter;\??\c:\program files\autotunnel gg\controlcenter.sys --> c:\program files\autotunnel gg\ControlCenter.sys [?]
S3 NetHook_Interceptor;ArtOfPing TDI Interceptor;\??\c:\program files\autotunnel gg\interceptor.sys --> c:\program files\autotunnel gg\Interceptor.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-26 19:23:25 2718 --sha-w- c:\windows\setup_9.0.0.722_23.08.2010_09-47drv.spi
2010-08-23 09:15:21 0 d-----w- c:\docume~1\admin\applic~1\Wireshark
2010-08-23 09:10:17 0 d-----w- c:\program files\WinPcap
2010-08-23 09:09:27 0 d-----w- c:\program files\Wireshark
2010-08-21 18:46:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-21 17:40:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-21 17:40:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-21 17:20:06 8 --sha-r- c:\documents and settings\admin\ntuser.pol
2010-08-21 17:17:15 0 d--h--w- c:\windows\system32\GroupPolicy
2010-08-21 14:08:05 5632 --sha-w- c:\windows\Thumbs.db
2010-08-21 14:08:04 5632 --sha-w- c:\windows\system32\Thumbs.db
2010-08-21 08:32:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 08:32:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 08:32:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 07:55:07 4608 ------w- c:\windows\system32\chkvdisk.exe
2010-08-18 07:52:43 0 d-----w- c:\windows\system32\configfix
2010-08-18 07:52:35 0 d-----w- c:\program files\Shield
2010-08-17 10:11:34 0 d-----w- C:\VundoFix Backups
2010-08-15 14:52:28 0 d-----w- c:\docume~1\admin\applic~1\Tor
2010-08-15 14:52:22 0 d-----w- c:\program files\Vidalia Bundle
2010-08-07 00:56:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-08-07 00:55:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-08-07 00:53:07 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-08-07 00:53:07 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-08-07 00:46:58 0 d-----w- c:\program files\common files\PCSuite
2010-08-07 00:46:34 0 d-----w- c:\program files\common files\Nokia
2010-08-07 00:45:08 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-08-07 00:43:39 0 d-----w- c:\program files\PC Connectivity Solution
2010-08-07 00:43:18 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-08-07 00:43:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-08-07 00:43:16 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-08-07 00:43:11 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-08-07 00:43:11 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-08-07 00:43:11 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

==================== Find3M ====================

2010-08-07 00:52:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-07 00:52:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-25 17:07:24 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07:18 100880 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:03:12 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2008-11-09 01:45:32 2017321 -c--a-w- c:\program files\aresregular209_installer.exe
2001-09-10 15:10:36 61440 -c--a-w- c:\windows\inf\i386\onetUSD.dll
2001-09-06 15:58:14 139264 -c--a-w- c:\windows\inf\i386\Rtscan.dll
2001-08-18 01:43:24 32768 -c--a-w- c:\windows\inf\i386\Wiamicro.dll
2001-06-29 15:10:24 163840 -c--a-w- c:\windows\inf\i386\viceo.dll

============= FINISH: 14:50:26.49 ===============

shelf life
2010-08-30, 22:15
Do you have a current/updated antivirus app? I see you have Malwarebytes; see if you can update it and run it. If you can't run it in 'normal mode' you can boot into safe mode to run it. To reach safe mode you would tap the F8 key during a computer restart.
Choose the first option from the list: safe mode. Once at the safe mode desktop, run Malwarebytes.

We will also get another download to use. The same thing goes for it: if you can't launch it in normal mode, then boot into safe mode and run it. It's called ComboFix; there is a guide to read first before you use it. Read through the guide, then apply the directions on your own machine. Link to guide:


Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

mj_joefox
2010-09-03, 09:31
Do you have a current/updated antivirus app? I see you have Malwarebytes; see if you can update it and run it. If you can't run it in 'normal mode' you can boot into safe mode to run it. To reach safe mode you would tap the F8 key during a computer restart.
Choose the first option from the list: safe mode. Once at the safe mode desktop, run Malwarebytes.

We will also get another download to use. The same thing goes for it: if you can't launch it in normal mode, then boot into safe mode and run it. It's called ComboFix; there is a guide to read first before you use it. Read through the guide, then apply the directions on your own machine. Link to guide:


Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Sorry for the very late response, I have been kind of busy these few days. I figured out that my laptop was infected with the Win32.Sality.aa virus; I know this because my brother ran the Kaspersky removal tool without my knowledge.

I really wanted to follow your advice, running Malwarebytes in safe mode, but safe mode is of no avail: I cannot run safe mode since it will just not continue booting in safe mode and restarts again. Running ComboFix was also no luck since, after the download of the file, the file will be immediately corrupted, and I guess the virus is the one causing it.

I read about the Win32.Sality.aa virus and there are very few chances of success in removing this virus. Is there any possible effective way to completely get rid of this virus? Or will a fresh reformat solve it? The files on the drive are very important and, to my thinking, how will I back up those files without carrying such a virus?

Thank you very much for your time; I am looking forward to any better solution without a reformat.

shelf life
2010-09-03, 23:17
The virus you mention copies itself to all your .exe files. You have a boatload of these on your machine. It could also spread to other machines by copying files to a USB drive and then transferring them to another machine.
Your brother must have run this tool. (http://support.kaspersky.com/viruses/solutions?qid=208279889)
You might also try running Dr.Web and an online scan. Really, the only guarantee is a reformat/reinstall. Links below:

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit icon to start the program.
* Press Start.
* Allow the program to run the initial express scan
* This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
* Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
* Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours)
* During this complete scan - if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.
Note:(If the file cannot be cured, Dr.Web will automatically delete the file)
* Once the scan is complete, on the menu bar, click file and choose report list.
* Save the report to your desktop. The report will be called DrWeb.csv
* Note:this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
* Close Dr.Web Cureit.
* Please post the Dr.Web.txt report in your next reply

ESET online scanner:

http://www.eset.com/onlinescan/

Uses Internet Explorer only.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button; the scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click Scan.
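Added example, not from the posts above or from any of the tools they name: the poster's question about backing up files without carrying the infection comes down to separating data from anything a file infector can live in. The script below copies a directory tree while refusing executable types, first by extension and then by the PE "MZ" header (so a renamed .exe does not slip through as a .jpg), parks script and installer types for separate scanning, and records a SHA-256 per copied file so the backup can be verified later. The extension lists are this example's own assumptions, and the sample tree that demo() builds is constructed, not files from the infected laptop.

```python
import hashlib
import os
import shutil
import tempfile

# Assumption: types a PE file infector targets, plus other native executables.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".dll", ".com", ".pif", ".sys", ".cpl", ".ocx", ".drv"}
# Assumption: types that carry active content and should be scanned before reuse, not blindly restored.
QUARANTINE_EXTENSIONS = {".bat", ".cmd", ".vbs", ".js", ".jar", ".msi", ".hta", ".lnk"}


def looks_like_pe(path):
    """True if the file starts with the 'MZ' DOS header, whatever its extension says."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def salvage(src_root, dst_root):
    """Copy data files from src_root into dst_root, refusing anything executable.

    Returns a manifest {'copied': {relpath: sha256}, 'skipped': {relpath: reason}}
    with forward-slash relative paths so the result is the same on any OS.
    """
    manifest = {"copied": {}, "skipped": {}}
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTABLE_EXTENSIONS:
                manifest["skipped"][rel] = "executable extension"
                continue
            if looks_like_pe(src):
                manifest["skipped"][rel] = "PE header under a non-executable extension"
                continue
            if ext in QUARANTINE_EXTENSIONS:
                manifest["skipped"][rel] = "script/installer; scan separately"
                continue
            dst = os.path.join(dst_root, *rel.split("/"))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)  # copyfile, not copy2: carry the bytes, not attributes or ACLs
            manifest["copied"][rel] = sha256_of(dst)
    return manifest


def demo():
    """Build a constructed sample tree (stand-in for the infected drive) and salvage it."""
    src = tempfile.mkdtemp(prefix="infected-")
    dst = tempfile.mkdtemp(prefix="salvage-")
    samples = {
        "thesis.docx": b"PK\x03\x04 constructed document bytes",
        "notes.txt": b"plain text",
        "photos/cat.jpg": b"\xff\xd8\xff constructed jpeg bytes",
        "tools/setup.exe": b"MZ\x90\x00 constructed PE bytes",
        "photos/holiday.jpg": b"MZ\x90\x00 a PE hiding behind a .jpg name",
        "fix.bat": b"@echo off",
    }
    for rel, data in samples.items():
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    try:
        return salvage(src, dst)
    finally:
        shutil.rmtree(src)
        shutil.rmtree(dst)


if __name__ == "__main__":
    result = demo()
    for rel, reason in result["skipped"].items():
        print(f"skipped {rel}: {reason}")
    for rel, digest in result["copied"].items():
        print(f"copied  {rel}  sha256={digest}")
```

Two caveats belong with this. First, run it from clean boot media (a live CD or a known-clean machine with the drive attached), not from the infected Windows: the poster already sees downloaded tools being corrupted, and a file infector that has been through every .exe on the box can just as easily reach the interpreter you run this with. Second, skipping executables is not the same as scanning: Office documents with macros, archives and PDFs can still carry active content, so the salvaged tree should go through an up-to-date scanner before anything in it is opened on a rebuilt system.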