Virtumonde!! AGAIN!!!!

[niccorny]

Team spybot please help I've been infected by Virtumonde trojan for the second time, this because of some rar file that my brother downloaded in the internet...i did the best i could...please help me and look in to my problem (again)...thanks and hope some1 will help me again! here's my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:50 AM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VMSnap3.exe
C:\WINDOWS\Domino.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7BC6B793-BBAA-4EED-9E56-8CBFA6F5BB03} - C:\WINDOWS\system32\byXNgFwu.dll
O2 - BHO: (no name) - {C17419FC-3D5F-4E05-8E8B-A6531AE2632F} - C:\WINDOWS\system32\pmnlJDUk.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RAM Idle] D:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [dllcache32.exe] C:\Documents and Settings\All Users\Application Data\dllcache32.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byXNgFwu - C:\WINDOWS\SYSTEM32\byXNgFwu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8102 bytes

Have a nice day!
------------------------------

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

[peku006]

Hi niccorny

1 - teatimer

• Please disable Teatimer as it may interfere with the fix.
  
  First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
  
  
  Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
    
  Don't forget to re-enable it, when your computer is clean.

2 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -

• Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  
• Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

3 - uninstall list

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the ComboFix log(C:\ComboFix.txt)
2. the uninstall list
3. a fresh HijackThis log

Thanks peku006

[niccorny]

Hello Peku006 appreciate your reply but I did some manual deletion and combination of tools and program to delete virtumonde! Thus, somehow I succeed, the detection in spybot of virtumonde disappeard and I think it was really gone. But just to make sure could you look on my fresh HJT and see if I am still infected with this trojan! thanks a bunch! ^_^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:12 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VMSnap3.exe
C:\WINDOWS\Domino.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4E74E985-6252-4630-854B-07DBE0D6472F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {C17419FC-3D5F-4E05-8E8B-A6531AE2632F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RAM Idle] D:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [dllcache32.exe] C:\Documents and Settings\All Users\Application Data\dllcache32.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wpnvjg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7862 bytes

What do you think sir? Am I still infected?

[peku006]

Hi niccorny

What do you think sir? Am I still infected?

Yes,your computer is infected

Just follow my instructions in my previous post

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW

Thanks peku006

[niccorny]

Hi Peku...sorry for the late reply got busy this weekends here's the combofix, uninstall and HJT logs:

1.) Combofix Log


ComboFix 08-09-05.05 - Dominic Caracter 2008-09-08 10:56:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.608 [GMT 8:00]
Running from: C:\Documents and Settings\Dominic Caracter\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dominic Caracter\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf77ed7f5.txt
C:\WINDOWS\BMf77ed7f5.xml
C:\WINDOWS\system32\byXNgFwu.dll
C:\WINDOWS\system32\kUDJlnmp.ini
C:\WINDOWS\system32\kUDJlnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\wpnvjg.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.

2008-09-06 05:47 . 2008-09-06 05:47 <DIR> d-------- C:\Documents and Settings\Dominic Caracter\Application Data\BearShare
2008-09-05 12:51 . 2006-05-01 12:15 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-09-05 10:14 . 2008-09-05 10:28 <DIR> d-------- C:\VundoFix Backups
2008-09-03 02:02 . 2008-09-04 23:26 719 --a------ C:\WINDOWS\wininit.ini
2008-08-30 15:42 . 2008-09-01 15:34 <DIR> d-------- C:\Documents and Settings\Dominic Caracter\Application Data\uTorrent
2008-08-09 22:00 . <DIR> C:\Documents and Settings\Dominic Caracter\Application Data\NeroDigitalT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 18:24 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\Azureus
2008-09-05 22:12 --------- d-----w C:\Program Files\BearShare
2008-09-04 12:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 09:45 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\DNA
2008-08-31 08:44 --------- d-----w C:\Program Files\DNA
2008-08-31 07:17 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\Skype
2008-08-31 03:48 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\skypePM
2008-08-21 07:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-18 02:18 --------- d-----w C:\Program Files\Just Sudoku PE
2008-08-09 14:00 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\NeroDigital™
2008-08-07 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 12:41 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\TransRender
2008-08-03 12:41 --------- d-----w C:\Documents and Settings\Dominic Caracter\Application Data\Temporary
2008-07-20 03:17 --------- d-----w C:\Program Files\Skype
2008-07-20 03:17 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-20 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 01:20 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-14 09:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 09:10 --------- d-----w C:\Program Files\Vimicro
2008-07-14 08:45 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-11 11:34 --------- d-----w C:\Program Files\LimeWire
2008-07-11 03:41 --------- d-----w C:\Program Files\Lavasoft
2008-07-11 03:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-10 15:27 --------- d-----w C:\Program Files\Chikka
2008-07-10 11:38 --------- d-----w C:\Program Files\Java
2008-07-10 11:38 --------- d-----w C:\Program Files\Common Files\Java
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock(3).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(3).dll
.

------- Sigcheck -------

2007-08-07 03:41 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2007-08-07 03:41 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe

2005-03-02 08:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 17:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 16:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-12 21:29 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 08:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 16:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 16:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 09:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 17:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 17:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-12 21:25 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 08:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 17:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 17:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 17:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 17:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 18:23 1423360 e4368d08c22012b357bef3ba239ac667 C:\WINDOWS\explorer.exe
2007-06-13 19:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 18:23 1423360 e4368d08c22012b357bef3ba239ac667 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-12 21:19 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 18:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 18:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-07 949376]
"RAM Idle"="D:\Program Files\Customizer XP\RAMIdle.exe" [2002-06-11 104448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VMSnap3"="C:\WINDOWS\VMSnap3.exe" [2006-08-30 49152]
"Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 49152]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-09 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"D:\Rockman\rockman x4\ROCKMAN X4\RMX4.EXE"= RMX4.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wpnvjg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^trayit!.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\trayit!.exe
backup=C:\WINDOWS\pss\trayit!.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dominic Caracter^Start Menu^Programs^Startup^Shortcut to start.lnk]
path=C:\Documents and Settings\Dominic Caracter\Start Menu\Programs\Startup\Shortcut to start.lnk
backup=C:\WINDOWS\pss\Shortcut to start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dominic Caracter^Start Menu^Programs^Startup^TrayIt!.lnk]
path=C:\Documents and Settings\Dominic Caracter\Start Menu\Programs\Startup\TrayIt!.lnk
backup=C:\WINDOWS\pss\TrayIt!.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-07-26 13:48 3305472 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--------- 2008-07-30 14:45 4891984 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-17 06:17 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\backups\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 vvftav303;vvftav303;C:\WINDOWS\system32\drivers\vvftav303.sys [2007-06-23 480128]
R3 ZSMC0303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys [2006-12-01 392122]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-16 13824]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;C:\DOCUME~1\DOMINI~1\LOCALS~1\Temp\TCCpuInfo.sys [ ]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys [ ]
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys [ ]
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys [ ]
S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys [ ]
S3 XDva035;XDva035;C:\WINDOWS\system32\XDva035.sys [ ]
S3 XDva052;XDva052;C:\WINDOWS\system32\XDva052.sys [ ]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys [ ]
S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1ee350-9f80-11dc-b23e-00196627469c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32272b0-5e81-11dc-b108-00196627469c}]
\Shell\Auto\command - Recycled/dllcache32.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
\Shell\explore\Command - Recycled/dllcache32.exe
\Shell\open\Command - Recycled/dllcache32.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{4E74E985-6252-4630-854B-07DBE0D6472F} - (no file)
BHO-{C17419FC-3D5F-4E05-8E8B-A6531AE2632F} - (no file)
HKLM-Run-BigDog303 - C:\WINDOWS\VM303_STI.EXE
HKLM-Explorer_Run-dllcache32.exe - C:\Documents and Settings\All Users\Application Data\dllcache32.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dominic Caracter\Application Data\Mozilla\Firefox\Profiles\5b652vnr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 10:59:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2008-09-08 11:01:25 - machine was rebooted [Dominic Caracter]
ComboFix-quarantined-files.txt 2008-09-08 03:01:23

Pre-Run: 14,025,940,992 bytes free
Post-Run: 13,976,322,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

245 --- E O F --- 2008-08-15 00:11:09



2.) Uninstall list Log


A4 TECH PC Camera H
A4 TECH PC Camera H
Ad-Aware
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0
Alarm 2.0.4
Azureus Vuze
BearShare
Chikka Messenger V4
CIA Test Prep
CoffeeRO V. 1.0
Devil May Cry 3 Special Edition
DietMP3 4.03.00
DriverAgent by TouchStone Software
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
ESC58_59 User's Guide
FLV Player 1.3.3
GG E-Sports Platform
Gleim's CIA Test Prep 4.2
Granado Espada
Guitar Pro 5.2
Hamachi 1.0.2.3
HangARoo v2.052
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
IsoBuster 2.4
Java(TM) 6 Update 7
Just Sudoku - Professional Edition 1.1
K-Lite Mega Codec Pack 3.5.3
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
myGlobe IM (3.0.48)
Nero 8
neroxml
NOD32 antivirus system
NOD32 FiX v2.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PC Connectivity Solution
Pcsx2 0.9.2 Watermoose
PIF DESIGNER
RagnarokOnline-Valkyrie
Rain
Realtek High Definition Audio Driver
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Special Force
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
Super TextTwist
SWiSHmax
Total Video Converter 3.02
Treasures of Ancient Cavern
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB943729)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
VCRedistSetup
Vista Transformation Pack 8.0
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar


3.) Fresh HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:29 AM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VMSnap3.exe
C:\WINDOWS\Domino.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RAM Idle] D:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wpnvjg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7168 bytes


Note: Sir i didnt uninstall Azureus I read the link about p2p i saw that Azureus is under the CLEAN category and for I've been using this torrent tool for quite some time. Uninstall Utorrent instead.

Good day

[peku006]

Hi niccorny

Before we continue.......

There are still signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BearShare
Azureus

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW

We will withdraw our help should you not agree to their removal.

Do you know what this program is? NOD32 FiX v2.1

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

Thanks peku006

[niccorny]

Hays! alright alright! Removed Azureus and Bareshare!

Do you know what this program is? NOD32 FiX v2.1

I'm afraid not...why? does it have something to do with my antivirus?

[peku006]

Hi niccorny

NOD32 FiX v2.1 is NOD32 antivirus crack.....you should remove it immediately

there are decent free anti-virus programs you can use, such as Avast! or AVG Free.

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

Please post a new uninstall list

Thanks peku006

[niccorny]

T_T you mean I should remove NOD32 completely?? OK...read the policy that this forum impose to those who want to be helped...(that you dont support cracked programs). I've downloaded avira installed it. And after updating it suddenly it detects a trojan at c:\windows\system32\wowfx.dll. I kept on clicking delete, etc and it still comes back plus the beeping sounds really annoys and scares me! That why I stopped its process uninstalled it and try downloading AVG this time (I am downloading AVG as I write my reply)...I'll post my uninstall list if AVG doesnt interruptive as avira! sorry sir to kept you waiting T_T but I am willing to cooperate!

[niccorny]

Still the same happens on AVG...it still detect and prompt me! That a trojan found at C:\WINDOWS\system32\wowfx.dll but without the beeping sounds as AVIRA...I think I'll stick with avg! Can we now proceed?? Here a new uninstall list.

A4 TECH PC Camera H
A4 TECH PC Camera H
Ad-Aware
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0
Alarm 2.0.4
altcompare
AVG Free 8.0
Chikka Messenger V4
CIA Test Prep
CoffeeRO V. 1.0
Devil May Cry 3 Special Edition
DietMP3 4.03.00
DriverAgent by TouchStone Software
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
ESC58_59 User's Guide
FLV Player 1.3.3
GG E-Sports Platform
Gleim's CIA Test Prep 4.2
Granado Espada
Guitar Pro 5.2
Hamachi 1.0.2.3
HangARoo v2.052
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
IsoBuster 2.4
Java(TM) 6 Update 7
Just Sudoku - Professional Edition 1.1
K-Lite Mega Codec Pack 3.5.3
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
myGlobe IM (3.0.48)
Nero 8
neroxml
NOD32 FiX v2.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PC Connectivity Solution
Pcsx2 0.9.2 Watermoose
PIF DESIGNER
RagnarokOnline-Valkyrie
Rain
Realtek High Definition Audio Driver
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Special Force
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
Super TextTwist
SWiSHmax
Total Video Converter 3.02
Treasures of Ancient Cavern
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB943729)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
VCRedistSetup
Vista Transformation Pack 8.0
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar