Virtumonde



SonicSmash
2008-10-28, 07:45
About a year and a half ago, I contracted the Virtumonde/Vundo nonsense. There was very little effective information on it back then, and I managed to incapacitate it with a combination of tools, registry edits, and manual file deletions, one tool being a cleaner made specifically for Vundo malware. I killed it to the point where it no longer seemed to be functioning, and that was good enough at the time. I do not believe I removed it entirely, and until now it has been dormant. Today, out of the middle of nowhere, I got a popup tab in Firefox. This being the first unexpected ad I'd seen in about a year, I ran Spybot, and sure enough, Virtumonde is back. I kindly request assistance in removing this plague completely, once and for all, from my computer. My HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:43 PM, on 10/27/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\Program Files\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\netdde.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\conime.exe
F:\Program Files\Orb Networks\Orb\bin\Orb.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\WINDOWS\system32\taskswitch.exe
F:\Program Files\UltraMon\UltraMon.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
F:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Gateway\EzTune\DTHtml.exe
F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\Portrait Displays\Pivot Software\floater.exe
F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
F:\Program Files\SpeedFan\speedfan.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
F:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\Mozilla Firefox\firefox.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 208.69.57.87game01.us.segaonline.jp
O1 - Hosts: 208.69.57.87 patch01.us.segaonline.jp
O1 - Hosts: 208.69.57.87 game01.psobb.segaonline.jp
O1 - Hosts: 208.69.57.87 patch01.psobb.segaonline.jp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PivotSoftware] "F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Orb] F:\Program Files\Winamp Remote\bin\OrbTray.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Orb] F:\Program Files\Winamp Remote\bin\OrbTray.exe (User 'Default user')
O4 - Startup: Gateway Rightside.lnk = ?
O4 - Startup: SpeedFan.lnk = F:\Program Files\SpeedFan\speedfan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight Pro - F:\PROGRA~1\Getright\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - F:\PROGRA~1\Getright\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201577205390
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll wcmdbk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: OrbMediaService - Orb Networks - F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 13906 bytes
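Added example, not code from the thread or from HijackThis: a small Python triage script for the kind of log posted above. It groups the `Onn - ...` lines by section and lists the entries a responder should look at by hand: O1 hosts entries that send a name somewhere other than loopback (the parser tolerates the missing space in one of the lines above), O4 autostarts given without a full path, the O10 unrecognised Winsock LSP, each DLL named under O20 AppInit_DLLs, and any entry ending in "(no file)". The sample input is an excerpt of the log above; the section meanings are HijackThis's own, while the function names and the rules are this example's assumptions. It only says why an entry merits a look, not whether a file is malicious.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

# Lines excerpted from the HijackThis log posted above, embedded here as the
# constructed sample input for this example.
SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 208.69.57.87game01.us.segaonline.jp
O1 - Hosts: 208.69.57.87 patch01.us.segaonline.jp
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll wcmdbk.dll
O24 - Desktop Component 0: (no name) - (no file)
"""

Finding = namedtuple("Finding", "section reason entry")

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# IPv4 address, then the hostname; "\s*" (not "\s+") tolerates the missing
# space seen in one O1 line of the posted log.
HOSTS_RE = re.compile(r"^Hosts:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*(\S+)$")
RUN_RE = re.compile(r"^(HK\S*?)\\\.\.\\(\w+): \[(.*?)\] (.*)$")


def parse_hjt(text):
    """Group HijackThis 'Onn - ...' lines by their section code (O1, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def first_token(cmd):
    """Executable part of a Run-key command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def review(text):
    """Return the entries a responder should check by hand, with the reason.

    The rules only say why an entry deserves a look; they do not decide
    whether a file is malicious.
    """
    findings = []
    sections = parse_hjt(text)

    # O1: hosts-file entries that send a name somewhere other than loopback.
    for body in sections.get("O1", []):
        m = HOSTS_RE.match(body)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None:
            findings.append(Finding("O1", "unparseable hosts entry", body))
        elif not ip.is_loopback:
            findings.append(Finding("O1", f"{m.group(2)} redirected to {ip}", body))

    # O4: an autostart command given without a directory is resolved through
    # the search path, so the file that actually runs is not pinned down.
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m and "\\" not in first_token(m.group(4)):
            findings.append(Finding("O4", "autostart without full path", m.group(4)))

    # O10: HijackThis could not attribute the Winsock LSP to a known vendor.
    for body in sections.get("O10", []):
        findings.append(Finding("O10", "unrecognised Winsock LSP", body))

    # O20: every DLL in AppInit_DLLs is loaded into each process that loads
    # user32.dll, so each one has to be accounted for individually.
    for body in sections.get("O20", []):
        for dll in body.split(":", 1)[1].split():
            findings.append(Finding("O20", "AppInit_DLLs entry", dll))

    # Any section: entries pointing at a file that no longer exists.
    for section, bodies in sections.items():
        for body in bodies:
            if body.endswith("(no file)"):
                findings.append(Finding(section, "orphaned entry", body))

    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:40} {f.entry}")
```

Run against the full log rather than the excerpt by pasting it into `SAMPLE_LOG`; legitimate software (an AV shim in AppInit_DLLs, a vendor tray tool on the search path) will show up too, which is the point: the list is what to verify, not a verdict.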

Shaba
2008-10-28, 14:48
Hi SonicSmash

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

SonicSmash
2008-10-28, 22:34
When I hit save, HJT closed without saving anything. I renamed HJT and tried again. Worked that time. Let me give you the first four entries since HJT makes them unreadable:
アカツキ電光戦記 (Akatsuki Blitzkampf)
µTorrent
東方風神録 ver 1.00a (Touhou Fuujinroku)
東方緋想天 Ver1.04 (Touhou Hisouten)

This is the actual log:

?A?J?c?L“d?o?i?L
?ETorrent
“??u???_?^ ver 1.00a
“??u”e‘z“V Ver1.04
‰c?¨?d?e Uwabami Breakers Ver.C73
7-Zip 4.42
7-Zip Addon Pack
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.0.8
Adobe Reader for Pocket PC 2.0
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AG_SYS Screen Saver
AGEIA PhysX v7.09.13
AHV content for Acrobat and Flash
Alt-Tab Task Switcher Powertoy for Windows XP
A-Mac Address Change 5.3
Anvil Studio
AOL Instant Messenger
Apple Software Update
ASIO4ALL
Aspell English Dictionary-0.50-2
Assegai Screen Saver
Audacity 1.3.5 (Unicode)
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Avanquest update
AVG Free 8.0
AVPM-Setup
BitPim 1.0.4.20071224
BLM 2.6.5
BT8010 Control Center version 1.3
Calculator Powertoy for Windows XP
Canon ScanGear Toolbox CS 2.2
CCleaner (remove only)
CD/DVD-ROM Generator 2.00
CmdHere Powertoy For Windows XP
Collab
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
Conduits Pocket Artist
Cortex Command Build 20
Dell Printer Software Uninstall
DESCENT II
DivX Web Player
Dynamic Library v1.03
EGX Screen Saver
ElectricSheep 2.6.6
Enhanced Sound Card Driver 8.0
EPSON Printer Software
Exact Audio Copy 0.95b4
EzTune
FEAR
Feisar Screen Saver
feisar_saver
Final Fantasy VII - Ultima Edition
Final Fantasy VII XP Patch
FL Studio 8
Flash Renamer 6.02
Game Maker 6.1
Game Maker 7.0
Geiss2 for Winamp 2x (remove only)
GIF Movie Gear 4.1.2
GNU Aspell 0.50-3
Google Earth
Google Gears
Google Gmail Notifier
Google SketchUp 6
Google SketchUp 6
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Updater
Goteki Screen Saver
GTK+ Runtime 2.10.11 rev b (remove only)
GUILTY GEAR XX ?”RELOAD
Guitar Pro 5.0
Hamachi 1.0.2.2
Hex Workshop v5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
hx2000b WM5 Drivers Update
ID3-TagIT 3
IIS 6.0 Resource Kit Tools
ijji - Gunz
ijji Auto Installer
IL Download Manager
Image Resizer Powertoy for Windows XP
iPAQ Micro Keyboard
IrisAPE 1.0
IsoBuster 2.1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Runtime Environment 6 Update 1
JCreator LE 4.00
JMB36X Raid Configurer
KAWAI ?X?R?A?v???[???[4.0
KAWAI ?X?R?A?v???[???[FX
KeyControl v1.02 (remove only)
K-Lite Codec Pack 2.77 Full
ksColorPick
LiveUpdate
Lunia
LuniaGSP
M3 GAME Manager Uninstall
Magic ISO Maker v5.3 (build 0216)
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.4 (build 0251)
Manga Reader v1.2.6
MapleStory
Marvell Miniport Driver
Matrix-ks
MELTY BLOOD Act Cadenza Ver.B Windows”A
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Language Pack - “u?{?e
Microsoft .NET Framework 3.5 Language Pack - jpn
Microsoft ActiveSync
Microsoft AppLocale
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation RATTV3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2005 Express Edition - ENU
Microsoft Visual J# 2005 Express Edition - ENU
Microsoft Visual J# 2005 Express Edition - ENU Service Pack 1 (KB926750)
Microsoft Windows Application Compatibility Database
middle_man
Ml_Icons 0.3
Motorola Driver Installation
Motorola Phone Tools
Motorola PST
Mozilla Firefox (3.0.3)
Mozilla Thunderbird (1.5.0.10)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Mulimedia Logic
Nero 7.2.3.2
NetBeans IDE 5.5
NVIDIA Drivers
NVIDIA nTune
O&O Defrag Professional Edition
OpenOffice.org Installer 1.0
Orb
PackageFactory for U3 (build 100)
Pandora's GUI
PDAwin TV remote controller
PDF Settings
PeerGuardian 2.0
Phantasy Star Online Blue Burst 1.0
Piranha Screen Saver
Pivot Software
Playlist Creator 3
Pocket RAR documentation
PoiZone
Power Tab Editor 1.7
PowerDVD
PowerISO
PowerQuest PartitionMagic 8.0
Project64 1.6
PSP Video 9 2.25
Qirex Screen Saver
QPST
QuickGamma 2.0.0.3
QuickTime
QuickTime Alternative 1.81
RAGNAROK BATTLE OFFLINE 1.0
RapidLeecher Ultimate 2007
RBO Extra Scenario Vol.1
RBO Extra Scenario Vol.2
RBO Extra Scenario Vol.3
Real Alternative 1.50
Realtek High Definition Audio Driver
Regular Expression Laboratory 1.0
SDK
Seagate?DiscWizard
Security Task Manager 1.7d
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Send To Extensions PowerToy
Sony Sound Forge 8.0d
Sothink SWF Decompiler
SpaceCowboy
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SqrSoftR Advanced Crossfading (remove only)
SSH Secure Shell
Stereogram Explorer 2.4
Stereogram Screensaver v1.0
System Requirements Lab
TCPMP
Thermal Analysis Tool
Triakis Screen Saver
Tweak UI
UltraFXP (remove only)
UltraISO Premium V8.2
UltraMon
Update for Windows Media Player 10 (KB926251)
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
ViewSonic Monitor Drivers
Virtual Desktop Manager Powertoy for Windows XP
Visual IRC 2.0
vixy converter uninstall
VNC Free Edition 4.1.2
WD Diagnostics
WIBU-KEY Setup (WIBU-KEY Remove)
Winamp
Winamp 5 Color Editor (remove only)
Winamp Wecker
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Sniper
Windows Support Tools
Windows XP Service Pack 3
WinHTTrack Website Copier 3.41-3
WinMobile Torrent
WinPcap 4.0.1
WinRAR archiver
WinRAR Themes Addon
XML Paper Specification Shared Components Language Pack 1.0
YAMAHA Digital Music Notebook

Thanks

Shaba
2008-10-29, 10:36
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
WinMobile Torrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

SonicSmash
2008-10-29, 22:58
Please note that the problem has worsened. I can no longer reliably boot my computer without resorting to safe mode.

Here is the log:

?A?J?c?Lgd?o?i?L
g??u???_?^ ver 1.00a
g??uheezgV Ver1.04
ñc?N?d?e Uwabami Breakers Ver.C73
7-Zip 4.42
7-Zip Addon Pack
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.0.8
Adobe Reader for Pocket PC 2.0
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AG_SYS Screen Saver
AGEIA PhysX v7.09.13
AHV content for Acrobat and Flash
Alt-Tab Task Switcher Powertoy for Windows XP
A-Mac Address Change 5.3
Anvil Studio
AOL Instant Messenger
Apple Software Update
ASIO4ALL
Aspell English Dictionary-0.50-2
Assegai Screen Saver
Audacity 1.3.5 (Unicode)
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Avanquest update
AVG Free 8.0
AVPM-Setup
BitPim 1.0.4.20071224
BLM 2.6.5
BT8010 Control Center version 1.3
Calculator Powertoy for Windows XP
Canon ScanGear Toolbox CS 2.2
CCleaner (remove only)
CD/DVD-ROM Generator 2.00
CmdHere Powertoy For Windows XP
Collab
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
Conduits Pocket Artist
Cortex Command Build 20
Dell Printer Software Uninstall
DESCENT II
DivX Web Player
Dynamic Library v1.03
EGX Screen Saver
ElectricSheep 2.6.6
Enhanced Sound Card Driver 8.0
EPSON Printer Software
Exact Audio Copy 0.95b4
EzTune
FEAR
Feisar Screen Saver
feisar_saver
Final Fantasy VII - Ultima Edition
Final Fantasy VII XP Patch
FL Studio 8
Flash Renamer 6.02
Game Maker 6.1
Game Maker 7.0
Geiss2 for Winamp 2x (remove only)
GIF Movie Gear 4.1.2
GNU Aspell 0.50-3
Google Earth
Google Gears
Google Gmail Notifier
Google SketchUp 6
Google SketchUp 6
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Updater
Goteki Screen Saver
GTK+ Runtime 2.10.11 rev b (remove only)
GUILTY GEAR XX ?hRELOAD
Guitar Pro 5.0
Hamachi 1.0.2.2
Hex Workshop v5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
hx2000b WM5 Drivers Update
ID3-TagIT 3
IIS 6.0 Resource Kit Tools
ijji - Gunz
ijji Auto Installer
IL Download Manager
Image Resizer Powertoy for Windows XP
iPAQ Micro Keyboard
IrisAPE 1.0
IsoBuster 2.1
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Runtime Environment 6 Update 1
JCreator LE 4.00
JMB36X Raid Configurer
KAWAI ?X?R?A?v???[???[4.0
KAWAI ?X?R?A?v???[???[FX
KeyControl v1.02 (remove only)
K-Lite Codec Pack 2.77 Full
ksColorPick
LiveUpdate
Lunia
LuniaGSP
M3 GAME Manager Uninstall
Magic ISO Maker v5.3 (build 0216)
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.4 (build 0251)
Manga Reader v1.2.6
MapleStory
Marvell Miniport Driver
Matrix-ks
MELTY BLOOD Act Cadenza Ver.B WindowshA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Language Pack - gu?{?e
Microsoft .NET Framework 3.5 Language Pack - jpn
Microsoft ActiveSync
Microsoft AppLocale
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation RATTV3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2005 Express Edition - ENU
Microsoft Visual J# 2005 Express Edition - ENU
Microsoft Visual J# 2005 Express Edition - ENU Service Pack 1 (KB926750)
Microsoft Windows Application Compatibility Database
middle_man
Ml_Icons 0.3
Motorola Driver Installation
Motorola Phone Tools
Motorola PST
Mozilla Firefox (3.0.3)
Mozilla Thunderbird (1.5.0.10)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Mulimedia Logic
Nero 7.2.3.2
NetBeans IDE 5.5
NVIDIA Drivers
NVIDIA nTune
O&O Defrag Professional Edition
OpenOffice.org Installer 1.0
Orb
PackageFactory for U3 (build 100)
Pandora's GUI
PDAwin TV remote controller
PDF Settings
PeerGuardian 2.0
Phantasy Star Online Blue Burst 1.0
Piranha Screen Saver
Pivot Software
Playlist Creator 3
Pocket RAR documentation
PoiZone
Power Tab Editor 1.7
PowerDVD
PowerISO
PowerQuest PartitionMagic 8.0
Project64 1.6
PSP Video 9 2.25
Qirex Screen Saver
QPST
QuickGamma 2.0.0.3
QuickTime
QuickTime Alternative 1.81
RAGNAROK BATTLE OFFLINE 1.0
RapidLeecher Ultimate 2007
RBO Extra Scenario Vol.1
RBO Extra Scenario Vol.2
RBO Extra Scenario Vol.3
Real Alternative 1.50
Realtek High Definition Audio Driver
Regular Expression Laboratory 1.0
SDK
Seagate?DiscWizard
Security Task Manager 1.7d
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Send To Extensions PowerToy
Sony Sound Forge 8.0d
Sothink SWF Decompiler
SpaceCowboy
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SqrSoftR Advanced Crossfading (remove only)
SSH Secure Shell
Stereogram Explorer 2.4
Stereogram Screensaver v1.0
System Requirements Lab
TCPMP
Thermal Analysis Tool
Triakis Screen Saver
Tweak UI
UltraFXP (remove only)
UltraISO Premium V8.2
UltraMon
Update for Windows Media Player 10 (KB926251)
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
ViewSonic Monitor Drivers
Virtual Desktop Manager Powertoy for Windows XP
Visual IRC 2.0
vixy converter uninstall
VNC Free Edition 4.1.2
WD Diagnostics
WIBU-KEY Setup (WIBU-KEY Remove)
Winamp
Winamp 5 Color Editor (remove only)
Winamp Wecker
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Sniper
Windows Support Tools
Windows XP Service Pack 3
WinHTTrack Website Copier 3.41-3
WinPcap 4.0.1
WinRAR archiver
WinRAR Themes Addon
XML Paper Specification Shared Components Language Pack 1.0
YAMAHA Digital Music Notebook

SonicSmash
2008-10-29, 23:00
I also cannot access the safer-networking.org website or the spybot.info forums any longer. I am using a second computer for this right now.

Shaba
2008-10-30, 09:45
Please then use that other computer for transferring logs/tools from now on.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

SonicSmash
2008-10-31, 00:53
Combofix finished, but the log it produced was empty and I was unable to find Combofix.txt on the root of any of my drives.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:31 PM, on 10/30/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\netdde.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\conime.exe
F:\Program Files\Orb Networks\Orb\bin\Orb.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\WINDOWS\system32\taskswitch.exe
F:\Program Files\UltraMon\UltraMon.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
F:\Program Files\Portrait Displays\Pivot Software\floater.exe
F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
F:\Program Files\SpeedFan\speedfan.exe
F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E4B4508-9EB5-4363-80CE-B88B1AABEA47} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AD2DE490-21F0-44D3-9E3E-1F5DED8E3CC1} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {D4377B05-A5B9-44E5-B85A-F47F6D16916C} - (no file)
O2 - BHO: (no name) - {FCB1C960-4EF6-4D7E-A2F7-E30E33173F76} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PivotSoftware] "F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orb] "F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Gateway Rightside.lnk = ?
O4 - Startup: SpeedFan.lnk = F:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201577205390
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: khfDVmJY - F:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: OrbMediaService - Orb Networks - F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 13493 bytes
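
The log above carries the entries a helper checks first in a Vundo case: the O2/O9/O24 registrations that now point at (no file), the O20 Winlogon Notify key with a random-looking name whose target is the bare F:\WINDOWS\ directory rather than a DLL, and the O10 LSP line. As an added example that is not part of this thread and not HijackThis's own code, here is a small Python triage script that applies those checks to HJT log lines. The sample input reuses lines from the log above plus one constructed O23 line modelled on the HMHZHC service under a Temp directory that ComboFix reports later in the thread; the rule names, severities and the random-name heuristic are this example's own assumptions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section tag, e.g. "O20"
    rule: str      # which check fired (rule names are this example's own)
    severity: str  # "review" (look it up) or "suspicious" (typical Vundo trait)
    line: str


VOWELS = set("aeiouAEIOU")
# Matches "\Temp\" in both long and 8.3 forms ("\LOCALS~1\Temp\").
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic for generated names such as the 'khfDVmJY' Winlogon Notify key
    in the log: purely alphabetic, 8+ characters, and either vowel-free or with
    three or more capitals after the first letter. A secondary signal only; it
    deliberately skips short names so legitimate keys like 'cscdll' never trip it."""
    if not name.isalpha() or len(name) < 8:
        return False
    no_vowels = not any(c in VOWELS for c in name)
    interior_caps = sum(1 for c in name[1:] if c.isupper())
    return no_vowels or interior_caps >= 3


def target_of(body: str) -> str:
    """Last ' - ' separated field: the file, or '(no file)', in O2/O9/O20/O23/O24 lines."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str) -> List[Finding]:
    """Apply the checks to one HijackThis line; returns zero or more findings."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return []
    section, body = m.groups()
    found: List[Finding] = []

    # 1. Anything persisted from a Temp directory: a service or Run entry living
    #    there is a red flag (ComboFix's S4 HMHZHC entry in this thread is one).
    if TEMP_DIR_RE.search(body):
        found.append(Finding(section, "path-in-temp", "suspicious", line))

    # 2. CLSID registrations whose DLL is gone. Harmless alone, but Vundo leaves
    #    several behind once its DLLs are removed, so they belong on the list.
    if section in {"O2", "O9", "O24"} and target_of(body) == "(no file)":
        found.append(Finding(section, "orphan-no-file", "review", line))

    # 3. Winlogon Notify handlers load into winlogon.exe at boot. A legitimate
    #    entry names a DLL; a bare directory as target is a strong signal and a
    #    random-looking key name a weaker one, reported separately.
    if section == "O20":
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if not target_of(body).lower().endswith(".dll"):
            found.append(Finding(section, "notify-no-dll", "suspicious", line))
        if looks_random(name):
            found.append(Finding(section, "notify-random-name", "review", line))

    # 4. O10 only means the LSP DLL is not in HJT's own whitelist. Flag it for
    #    a look-up, never "fix" it blindly: removing a Winsock LSP entry
    #    incorrectly breaks networking on the machine.
    if section == "O10":
        found.append(Finding(section, "lsp-unknown", "review", line))
    return found


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole HJT log, keeping log order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Sample input. All lines but the last are copied from the HijackThis log in
# this thread; the final O23 line is constructed from the HMHZHC Temp-directory
# service that ComboFix lists later, as HJT would show it if it were registered.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E4B4508-9EB5-4363-80CE-B88B1AABEA47} - (no file)
O2 - BHO: (no name) - {D4377B05-A5B9-44E5-B85A-F47F6D16916C} - (no file)
O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: khfDVmJY - F:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - (no file)
O23 - Service: HMHZHC - Unknown owner - F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HMHZHC.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity:10}] {f.section:4} {f.rule:20} {f.line}")
```

Running it on the sample lists eight findings: the four orphan registrations, the O10 line for look-up, two for the O20 entry (bare directory target plus random-looking name) and the constructed Temp-directory service. The point of separating "review" from "suspicious" is that a helper still looks up each entry before fixing anything; in particular the O10 line is informational, and nwprovau.dll is not something to remove on the strength of HJT's "unknown" label alone.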

Shaba
2008-10-31, 10:52
Please re-run it and let me know if you can now find its log :)

SonicSmash
2008-11-01, 00:58
Got it this time. ComboFix log:

ComboFix 08-10-30.09 - GameKyuubi 2008-10-31 10:50:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.393 [GMT -7:00]
Running from: F:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 11:18 . 2008-10-31 11:18 <DIR> d--hs---- F:\found.000
2008-10-28 22:22 . 2008-10-28 22:22 1,032,627 --ahsc--- F:\WINDOWS\system32\osavyfsh.ini
2008-10-28 17:01 . 2008-04-23 14:02 157,152 --a--c--- F:\WINDOWS\system32\PubPlugin.dll
2008-10-28 16:55 . 2008-10-28 16:55 <DIR> d----c--- F:\rsit
2008-10-27 23:25 . 2008-10-27 23:25 <DIR> d----c--- F:\Program Files\Trend Micro
2008-10-27 22:20 . 2008-10-27 22:20 1,045,153 --ahsc--- F:\WINDOWS\system32\ajxfnfbb.ini
2008-10-27 21:50 . 2008-10-27 21:50 <DIR> d----c--- F:\Program Files\Lavasoft
2008-10-27 21:49 . 2008-10-27 21:52 <DIR> d----c--- F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-27 18:36 . 2008-10-28 23:40 211 --a--c--- F:\WINDOWS\wininit.ini
2008-10-27 12:10 . 2008-10-27 12:10 1,045,153 --ahsc--- F:\WINDOWS\system32\pughinfp.ini
2008-10-21 02:54 . 2008-10-31 16:43 16 --a--c--- F:\WINDOWS\system32\wpfb.dat
2008-10-21 02:48 . 2008-10-21 02:48 <DIR> d----c--- F:\Program Files\Portrait Displays
2008-10-21 02:48 . 2008-10-21 02:48 62,009 --a--c--- F:\WINDOWS\system32\wpfb_nv4_disp.dll
2008-10-21 02:48 . 2007-02-09 12:17 62,009 --a--c--- F:\WINDOWS\system32\WPFB.DLL
2008-10-21 02:48 . 2007-02-09 12:17 17,465 --a--c--- F:\WINDOWS\system32\drivers\pivot.sys
2008-10-21 02:48 . 2007-02-09 12:17 11,323 --a--c--- F:\WINDOWS\system32\drivers\pivotmou.sys
2008-10-21 02:48 . 2004-11-22 12:07 2,304 --a--c--- F:\WINDOWS\system32\Machnm32.sys
2008-10-21 02:46 . 2008-10-21 02:46 <DIR> d----c--- F:\Program Files\Gateway
2008-10-21 02:46 . 2008-10-21 02:46 <DIR> d----c--- F:\Program Files\Common Files\Portrait Displays
2008-10-09 03:20 . 2008-10-09 03:20 <DIR> d----c--- F:\Program Files\SourceTec
2008-10-09 03:20 . 2008-10-09 03:20 <DIR> d----c--- F:\Program Files\Common Files\SourceTec
2008-10-09 02:52 . 2008-10-09 02:52 <DIR> d----c--- F:\Program Files\DComSoft
2008-09-25 01:16 . 2008-09-25 01:16 <DIR> d----c--- F:\Program Files\BestGameEver
2008-09-24 19:16 . 2008-09-24 19:16 <DIR> d----c--- F:\Program Files\Common Files\Apple
2008-09-24 19:15 . 2008-09-24 19:15 <DIR> d----c--- F:\Program Files\Apple Software Update
2008-09-24 19:15 . 2008-09-24 19:15 <DIR> d----c--- F:\Documents and Settings\All Users\Application Data\Apple
2008-09-20 21:41 . 2008-09-24 21:23 <DIR> d----c--- F:\Program Files\Phantasy Star Online Blue Burst
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a--c--- F:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a--c--- F:\WINDOWS\system32\QuickTime.qts
2008-09-06 13:58 . 2008-09-06 13:58 <DIR> d----c--- F:\Program Files\Replay Radio 6
2008-09-06 13:58 . 2001-12-06 18:26 41,984 --a--c--- F:\WINDOWS\system32\APTRRNTm.dll
2008-09-06 13:58 . 2001-12-06 18:26 36,864 --a--c--- F:\WINDOWS\system32\APTRRNTl.dll
2008-09-03 03:58 . 2008-09-03 03:58 54,156 --ah-c--- F:\WINDOWS\QTFont.qfn
2008-09-03 03:58 . 2008-09-03 03:58 1,409 --a--c--- F:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 23:43 --------- dc----w F:\Program Files\SpeedFan
2008-10-31 17:52 --------- dc----w F:\Program Files\PeerGuardian2
2008-10-31 01:02 --------- dc----w F:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-30 23:36 --------- dc----w F:\Documents and Settings\All Users\Application Data\avg8
2008-10-29 21:47 --------- dc----w F:\Program Files\uTorrent
2008-10-29 21:47 --------- dc----w F:\Program Files\Microsoft ActiveSync
2008-10-29 05:57 --------- dc----w F:\Program Files\Spybot - Search & Destroy
2008-10-29 00:41 --------- dc----w F:\Program Files\Java
2008-10-28 21:21 --------- dc-h--w F:\Program Files\InstallShield Installation Information
2008-10-28 21:21 --------- dc----w F:\Program Files\YAMAHA
2008-10-28 20:52 --------- dc----w F:\Program Files\Easy Duplicate Finder
2008-10-28 04:48 --------- dc----w F:\Program Files\Common Files\Wise Installation Wizard
2008-10-28 01:37 --------- dc----w F:\Documents and Settings\Administrator\Application Data\uTorrent
2008-10-24 02:29 --------- dc----w F:\Program Files\Tsukihime
2008-10-22 01:59 --------- dc----w F:\Documents and Settings\Administrator\Application Data\Audacity
2008-10-21 22:16 --------- dc----w F:\Program Files\vixy.net
2008-10-21 09:54 --------- dc----w F:\Documents and Settings\Administrator\Application Data\DisplayTune
2008-10-21 08:17 --------- dc----w F:\Program Files\SystemRequirementsLab
2008-10-21 08:17 --------- dc----w F:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-10-07 20:33 6,133,856 -c--a-w F:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-28 08:45 --------- dc----w F:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-26 23:43 --------- dc----w F:\Documents and Settings\Administrator\Application Data\U3
2008-09-25 02:16 --------- dc----w F:\Program Files\QuickTime Alternative
2008-09-25 02:16 --------- dc----w F:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-17 11:36 --------- dc----w F:\Program Files\MSECACHE
2008-09-08 09:25 --------- dc----w F:\Program Files\Audacity 1.3 Beta (Unicode)
2008-09-06 20:58 737,280 -c--a-w F:\WINDOWS\iun6002.exe
2007-12-21 06:13 92,064 -c--a-w F:\Documents and Settings\Administrator\mqdmmdm.sys
2007-12-21 06:13 9,232 -c--a-w F:\Documents and Settings\Administrator\mqdmmdfl.sys
2007-12-21 06:13 79,328 -c--a-w F:\Documents and Settings\Administrator\mqdmserd.sys
2007-12-21 06:13 66,656 -c--a-w F:\Documents and Settings\Administrator\mqdmbus.sys
2007-12-21 06:13 6,208 -c--a-w F:\Documents and Settings\Administrator\mqdmcmnt.sys
2007-12-21 06:13 5,936 -c--a-w F:\Documents and Settings\Administrator\mqdmwhnt.sys
2007-12-21 06:13 4,048 -c--a-w F:\Documents and Settings\Administrator\mqdmcr.sys
2007-12-21 06:13 25,600 -c--a-w F:\Documents and Settings\Administrator\usbsermptxp.sys
2007-12-21 06:13 22,768 -c--a-w F:\Documents and Settings\Administrator\usbsermpt.sys
2007-07-06 06:10 263,985,711 -c--a-w F:\Program Files\アカツキ電光戦記.rar
2006-06-27 00:07 1,333,672 -c--a-w F:\Documents and Settings\Administrator\vxworks_prep_v03.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="F:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Orb"="F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2008-05-13 507904]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
"NVIDIA nTune"="F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="F:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="F:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"CoolSwitch"="F:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"UltraMon"="F:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"IMJPMIG8.1"="F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2002-12-31 208952]
"MSPY2002"="F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"36X Raid Configurer"="F:\WINDOWS\system32\xRaidSetup.exe" [2007-11-19 1970176]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 1232152]
"DiscWizardMonitor.exe"="F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 1169744]
"AcronisTimounterMonitor"="F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
"Acronis Scheduler2 Service"="F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
"JMB36X IDE Setup"="F:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"PivotSoftware"="F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT GWY"="F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-25 81920]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2008-10-07 F:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 F:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]

F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Gateway Rightside.lnk - F:\Documents and Settings\Administrator\Application Data\Realtime Soft\UltraMon\Profiles\Gateway Rightside.umprofile [2008-04-24 263]
SpeedFan.lnk - F:\Program Files\SpeedFan\speedfan.exe [2008-04-22 3287552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"MemCheckBoxInRunDlg"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.X264"= x264vfw.dll
"aux1"= ctwdm32.dll
"midi2"= xgusb.cpl
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKLM\~\startupfolder\F:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Default1.lnk]
path=F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Default1.lnk
backup=F:\WINDOWS\pss\Default1.lnkStartup

[HKLM\~\startupfolder\F:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Normal.lnk]
backup=F:\WINDOWS\pss\Normal.lnkStartup

[HKLM\~\startupfolder\F:^Documents and Settings^Administrator^Start Menu^Programs^Startup^SpeedFan.lnk]
path=F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpeedFan.lnk
backup=F:\WINDOWS\pss\SpeedFan.lnkStartup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
backup=F:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^RATT.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\RATT.lnk
backup=F:\WINDOWS\pss\RATT.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
F:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
F:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a--c--- 2002-03-19 18:30 45632 F:\WINDOWS\system32\TaskSwitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2008-02-12 15:59 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-08-22 05:06 167368 F:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
-ra--c--- 2006-07-12 02:58 356352 F:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a--c--- 2006-11-13 13:39 1289000 F:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2002-12-31 05:00 208952 F:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2004-08-04 05:00 59392 F:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2008-10-07 13:33 13574144 F:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2008-10-07 13:33 86016 F:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a--c--- 2005-09-18 18:40 1421824 F:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 05:00 455168 F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 05:00 455168 F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
--a--c--- 2006-10-12 22:27 304640 F:\Program Files\UltraMon\UltraMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 14:19 15872 F:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a--c--- 2005-07-15 14:48 479232 F:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 18:43 69632 F:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2008-10-07 13:33 1630208 F:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2007-06-15 16:45 1826816 F:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HMHZHC"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"F:\\Downloads\\Games\\PC\\Touhou\\th105_t_w\\th105.exe"=
"H:\\Downloads\\[Shanghai Alice] Touhou 01-9.5\\Immaterial and Missing Power\\Immaterial And Missing Power\\th075Caster060419p79.exe"=
"F:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"F:\\Program Files\\EcoleSoftware\\MBACWIN\\mbcaster.exe"=
"F:\\Program Files\\tasofro\\th105\\th105.exe"=
"F:\\Program Files\\AIM\\aim.exe"=
"F:\\Program Files\\tasofro\\Immaterial And Missing Power\\CowCaster.exe"=
"F:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"F:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"F:\\WINDOWS\\system32\\ElectricSheep.scr"=
"F:\\Program Files\\Phantasy Star Online Blue Burst\\online.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 jahci;jahci;F:\WINDOWS\system32\drivers\jahci.sys [2002-12-31 33280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 96520]
R1 Pivot;Pivot;F:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 17465]
R2 AvgTdiX;AVG Free8 Network Redirector;F:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 76040]
R2 PdiService;Portrait Displays SDK Service;F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-21 90112]
R2 UltraMonUtility;UltraMon Utility Driver;F:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;F:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 11323]
R3 UltraMonMirror;UltraMonMirror;F:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;F:\Program Files\VMLaunch\BuddyVM.sys [ ]
S3 avg8emc;AVG Free8 E-mail Scanner;F:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-15 873752]
S3 avg8wd;AVG Free8 WatchDog;F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 231192]
S3 EPUSBSTOR;EPSON USB Storage Driver;F:\WINDOWS\system32\DRIVERS\epusbsto.sys [2001-09-10 17976]
S3 MCHPUSB;MCHPUSB;F:\WINDOWS\system32\drivers\mchpusb.sys [2004-11-22 61440]
S3 MotDev;Motorola Inc. USB Device;F:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 p2pgasvc;Peer Networking Group Authentication;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S3 p2pimsvc;Peer Networking Identity Manager;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S3 p2psvc;Peer Networking;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S4 HMHZHC;HMHZHC;F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HMHZHC.exe [ ]
S4 TCCrystalCpuInfo;TCCrystalCpuInfo;F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TCCpuInfo.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360cabec-721f-11dc-859e-001a4d62a108}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dae3e62-b517-11dc-85d3-001a4d62a108}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dae3e66-b517-11dc-85d3-001a4d62a108}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b344c3d3-5393-11dd-9803-001b41000e99}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{381BC520-8442-004F-0600-030802080700}]
F:\WINDOWS\system32\MSWINHOOK32.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-31 F:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 01:07]

2008-10-27 F:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1E4B4508-9EB5-4363-80CE-B88B1AABEA47} - (no file)
BHO-{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - (no file)
BHO-{AD2DE490-21F0-44D3-9E3E-1F5DED8E3CC1} - (no file)
BHO-{D4377B05-A5B9-44E5-B85A-F47F6D16916C} - (no file)
BHO-{FCB1C960-4EF6-4D7E-A2F7-E30E33173F76} - (no file)
Notify-khfDVmJY - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g8yzsnls.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en
FF -: plugin - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - F:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - F:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
FF -: plugin - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 16:43:04
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\system32\netdde.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\msdtc.exe
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
F:\WINDOWS\system32\locator.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\Program Files\Orb Networks\Orb\bin\Orb.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\conime.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\Program Files\Gateway\EzTune\dthtml.exe
F:\Program Files\Portrait Displays\Pivot Software\Floater.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2008-10-31 16:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 23:50:33

Pre-Run: 412,026,732,544 bytes free
Post-Run: 411,966,484,480 bytes free

341 --- E O F --- 2008-07-09 23:38:05


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:37 PM, on 10/31/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\netdde.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Orb Networks\Orb\bin\Orb.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\conime.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\WINDOWS\system32\taskswitch.exe
F:\Program Files\UltraMon\UltraMon.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Gateway\EzTune\DTHtml.exe
F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
F:\Program Files\Portrait Displays\Pivot Software\floater.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
F:\Program Files\SpeedFan\speedfan.exe
F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\WINDOWS\explorer.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PivotSoftware] "F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orb] "F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Gateway Rightside.lnk = ?
O4 - Startup: SpeedFan.lnk = F:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201577205390
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: OrbMediaService - Orb Networks - F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 13264 bytes

SonicSmash
2008-11-01, 01:03
There is one small, additional problem that seems to have appeared around the time the malware did. The fonts in my Firefox browser are all bold in some areas that weren't like that before. Like the Google search results. In IE they are all italicized, also something that wasn't like that before. Any idea what happened? I tried messing with the text size, zoom and settings and it doesn't change anything.

Shaba
2008-11-01, 10:50
That is most likely a settings issue.

Anyway, before we come to that, let's remove some malware:

We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the codebox below into it:


File::
F:\WINDOWS\system32\osavyfsh.ini
F:\WINDOWS\system32\ajxfnfbb.ini
F:\WINDOWS\system32\pughinfp.ini

Folder::
F:\Program Files\uTorrent
F:\Documents and Settings\Administrator\Application Data\uTorrent

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager and go to the Processes tab (press Ctrl, Alt and Del at the same time), then end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens we want to know, and also which process you had to end.

SonicSmash
2008-11-01, 23:40
Computer hung in the middle of ComboFix. Computer no longer starts. After Windows loading screen, screen goes black and nothing happens afterward. Safe mode too.

Shaba
2008-11-02, 13:24
Please choose Last Known Good Configuration from boot menu (restart computer and tap F8 before windows logo).

Let me know if it helped.

SonicSmash
2008-11-02, 21:21
Computer is shutting down with a STOP BSOD error:

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000135 (0x00000000 0x00000000).
The system has been shut down.

Shaba
2008-11-02, 21:29
This (http://www.techtalkz.com/windows-xp/65514-fatal-system-error.html) should help if you have windows CD.

Let me know how it went.

SonicSmash
2008-11-03, 12:10
It would seem that Vundo is extremely contagious, or there is an epidemic going around. My laptop is now infected :[. Still working on getting Windows running. I did a recovery using a SP1 CD but I'm not sure that was the best idea.. my boot drive is SATA and was configured for AHCI.. now I'm getting a STOP error about jahci.sys:

*** STOP: 0x0000007E (0xC0000005,0xF788F3C9,0xF7C43218,0xF7C42F18)


*** jahci.sys - Address F788F3C9 base at F788C000, DateStamp 435da804

SonicSmash
2008-11-03, 12:12
Oh yeah, if it helps, I have an installation of Kubuntu on another drive. It's got NTFS drivers so I can mess with the XP filesystem if necessary.

Shaba
2008-11-03, 12:17
Vundo has been going on for years, but the infection has unfortunately become a lot worse.

Are you able to install the Recovery Console from CD? This (http://support.microsoft.com/kb/307654) should give guidance for installing it. If so, we might be able to restore the situation prior to the ComboFix run.

SonicSmash
2008-11-03, 12:27
Well, after messing with some bios settings, I got past the stop message :) but the XP loading screen is taking FOREVER. The bar is moving but it's been doing that for like 20 minutes now... I guess I'll let it run till morning and we'll see where it's at then..

Shaba
2008-11-03, 12:28
OK, keep me informed :)

SonicSmash
2008-11-03, 12:34
I don't think I can install it, but I can run it from the CD. Is that good enough?

Shaba
2008-11-03, 12:41
Yes, that should work too.

Please try this:

1. Insert Windows Install disc to boot from CD.
2. Press any key on the keyboard when prompted.
3. Press R to load the Recovery Console.
4. Enter your password when prompted.
5. You must enter which Windows installation to log onto. Type 1 and press enter.
6. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

7. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

8. The erunt backups will begin copying.
9. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.

SonicSmash
2008-11-03, 18:33
I was never prompted for my password, and when I try to run "batch erdnt.con" I get "Access Denied".

Shaba
2008-11-03, 18:55
In that case the situation doesn't look good.

Out of curiosity, is SP3 the final version (according to the HijackThis log it looks like RC2 to me, which could explain the problems), and did ComboFix suggest installing the Recovery Console when you ran it?

SonicSmash
2008-11-03, 20:43
I'm pretty sure I had the final version of SP3, though I'm not completely 100% sure. Also, ComboFix did NOT suggest that I install recovery console. I found this strange considering the report it produced said I didn't have it installed.

SonicSmash
2008-11-03, 20:44
Keep in mind I do have Kubuntu installed, so if needed I can manually replace files.

Shaba
2008-11-03, 20:50
Yes, according to your HijackThis log SP3 is Release Candidate 2, which might explain why ComboFix didn't suggest installing the RC.

Please attempt to boot from CD next.

SonicSmash
2008-11-03, 21:52
Please attempt to boot from CD next.

Sorry, I don't understand what you mean. :red:

SonicSmash
2008-11-04, 01:39
Ok so I tried a system recovery using a SP2 cd and now I'm back to where I was with the first BSOD STOP. Same error. Maybe if I use an SP3 cd lol.

Shaba
2008-11-04, 14:25
I mean change the boot order in the BIOS so that the CD/DVD drive is first, then insert the CD and reboot.

Tell me if you are able to boot that way.

SonicSmash
2008-11-04, 19:44
Using the Windows CD? I can do that using the Kubuntu CD, but not with the Windows CD. The Windows CD takes me to Windows Setup, which is what I've been doing all this time (trying to use system restore and repair console).

Shaba
2008-11-04, 20:02
I see.

Let's then try this.

Using the Kubuntu CD, please back up these hives (in c:\windows\system32\config; copy them to some other folder which you can find easily later if needed):

security
system
software
sam
default

Then copy the same hives from C:\Windows\repair to the c:\windows\system32\config folder and choose yes if asked to overwrite.

Try to reboot without any CD and let me know how it went.
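As an added example that is not part of the thread, this is the hive swap above done as a script on the Kubuntu side, with the XP drive mounted: it saves the current hives to a folder you name before overwriting them, and refuses to touch anything unless all five hives are present in the source folder. The same script, pointed at ERDNT/Hiv-backup instead of repair, also covers the later step of restoring the ERUNT copy; the mount point /mnt/xp in the usage line is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: swap the five registry hives named in the
# thread from a chosen backup folder into system32\config, keeping a copy of
# the current hives so the step can be undone. The hive names come from the
# thread; the /mnt/xp mount point in the usage line is an assumption.

HIVES="security system software sam default"

# find_hive <dir> <name>: print the path of <name> inside <dir>, matched
# without regard to case (Windows writes SAM and SECURITY in upper case, while
# the ntfs-3g driver compares names case-sensitively). Prints nothing if absent.
find_hive() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(basename "$f" | tr 'A-Z' 'a-z')" = "$2" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 0
}

# swap_hives <windows-dir> <source-subdir> <save-dir>
#   windows-dir   : the mounted XP WINDOWS folder, e.g. /mnt/xp/WINDOWS
#   source-subdir : where the replacement hives live, relative to windows-dir
#                   ("repair" for the Windows copy, "ERDNT/Hiv-backup" for the
#                   ERUNT backup that ComboFix made)
#   save-dir      : folder that receives a copy of every hive being replaced
swap_hives() {
    windir=$1
    src=$2
    save=$3
    config="$windir/system32/config"
    [ -d "$config" ] || { echo "no config folder under $windir" >&2; return 1; }
    [ -d "$windir/$src" ] || { echo "no backup folder $windir/$src" >&2; return 1; }

    # Check the whole set first: replacing only some hives leaves the registry
    # inconsistent, which is worse than changing nothing at all.
    for h in $HIVES; do
        [ -n "$(find_hive "$windir/$src" "$h")" ] || { echo "missing $src/$h" >&2; return 1; }
    done

    mkdir -p "$save"
    for h in $HIVES; do
        new=$(find_hive "$windir/$src" "$h")
        cur=$(find_hive "$config" "$h")
        if [ -n "$cur" ]; then
            cp -p "$cur" "$save/$(basename "$cur")"   # keep the hive being replaced
            cp -p "$new" "$cur"                        # overwrite it in place
        else
            # hive already gone (the thread's missing sam): install it under the
            # name the backup copy carries
            cp -p "$new" "$config/$(basename "$new")"
        fi
    done
    echo "hives in $config replaced from $src; previous copies saved in $save"
    return 0
}

# Usage from a Kubuntu live session (paths assumed):
#   sh swap_hives.sh /mnt/xp/WINDOWS repair /mnt/xp/hive-save-before-repair
if [ $# -eq 3 ]; then
    swap_hives "$1" "$2" "$3"
fi
```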

SonicSmash
2008-11-05, 00:47
The computer looked like it was going to start but then restarted. I think it's still getting the BSOD but is restarting instead of showing it due to settings reset. I noticed something interesting though. The BSOD produced by my computer is the same BSOD used by some programs to force reboot when trying to remove Vundo/Virtumonde. Perhaps the ComboFix restart flag is still in effect?

SonicSmash
2008-11-05, 01:28
HOWEVER, it seems that somehow my sam file got deleted and moving the backup sam over seems to have fixed this as the recovery console now asks for a password. I can log in. I'm going to try what you suggested to do earlier in the recovery console.

SonicSmash
2008-11-05, 01:30
Ugh. Still getting Access is denied when I try to batch erdnt.con. I'm going to examine the contents of erdnt.con in Kubuntu and see if it's something I can do manually.

SonicSmash
2008-11-05, 01:38
Hahah looking at the contents of ERDNT.CON, that's what we just did with the config folder, isn't it?

Shaba
2008-11-05, 10:47
Actually it is not 100% the same, as the backup isn't the same. That one restores the registry backup taken by ComboFix, and we restored the registry backup taken by Windows.

So can you now log in normally to windows or just to recovery console?

SonicSmash
2008-11-05, 19:48
Just recovery console. But some things are still not accessible for some reason.

Shaba
2008-11-05, 19:55
I'll do a bit of research next.

In the meantime I suggest that you back up your most important files etc. via Kubuntu, just in case we can't restore the ability to boot.

Shaba
2008-11-06, 11:21
Please copy those same 5 hives from C:\WINDOWS\ERDNT\Hiv-backup to c:\windows\system32\config and let me know if it helped.

SonicSmash
2008-11-09, 13:23
Sorry to keep you waiting. I haven't gotten around to it yet and probably will not be able to until the middle or end of the week due to schoolwork. :snorkle:

Shaba
2008-11-09, 13:26
Thanks for informing me :)

SonicSmash
2008-11-17, 01:05
Alright. Tried it and I get BSOD:

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000135 (0x00000000 0x00000000).
The system has been shut down.

Shaba
2008-11-17, 11:14
Then please restore backups from C:\Windows\repair to c:\windows\system32\config again.

The situation doesn't look very good, actually.

I would recommend a reformat and re-install, and before that back up all important stuff via Kubuntu.

If you don't want to do that, then I will redirect you to a Windows forum, because unfortunately I don't see any way of restoring functionality to your computer.

Shaba
2008-11-22, 11:31
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.