
Thread: Virtumonde

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Default Virtumonde

    About a year and a half ago, I contracted the Virtumonde/Vundo nonsense. There was very little effective information on it back then, and I managed to incapacitate it with a combination of tools, registry edits, and manual file deletions, one tool being a cleaner made specifically for Vundo malware. I killed it to the point where it no longer seemed to be functioning, and that was good enough at the time. I do not believe I removed it entirely, and until now it has been dormant. Today, out of the middle of nowhere, I got a popup tab in Firefox. This being the first unexpected ad I'd seen in about a year, I ran Spybot, and sure enough, Virtumonde is back. I kindly request assistance in removing this plague completely, once and for all, from my computer. My HJT log follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:43 PM, on 10/27/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\Program Files\AVG\AVG8\avgrsx.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\netdde.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    F:\Program Files\Bonjour\mDNSResponder.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    F:\WINDOWS\system32\inetsrv\inetinfo.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
    F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\tcpsvcs.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\conime.exe
    F:\Program Files\Orb Networks\Orb\bin\Orb.exe
    F:\Program Files\Unlocker\UnlockerAssistant.exe
    F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    F:\Program Files\Google\Gmail Notifier\gnotify.exe
    F:\WINDOWS\system32\taskswitch.exe
    F:\Program Files\UltraMon\UltraMon.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\PROGRA~1\AVG\AVG8\avgtray.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    F:\Program Files\UltraMon\UltraMonTaskbar.exe
    F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    F:\Program Files\PeerGuardian2\pg2.exe
    F:\Program Files\Microsoft ActiveSync\wcescomm.exe
    F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\Program Files\Gateway\EzTune\DTHtml.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    F:\PROGRA~1\MI3AA1~1\rapimgr.exe
    F:\Program Files\Portrait Displays\Pivot Software\floater.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    F:\Program Files\SpeedFan\speedfan.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    F:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    F:\WINDOWS\explorer.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    F:\Program Files\Mozilla Firefox\firefox.exe

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 208.69.57.87game01.us.segaonline.jp
    O1 - Hosts: 208.69.57.87 patch01.us.segaonline.jp
    O1 - Hosts: 208.69.57.87 game01.psobb.segaonline.jp
    O1 - Hosts: 208.69.57.87 patch01.psobb.segaonline.jp
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe -H
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT GWY] F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Orb] "F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Orb] F:\Program Files\Winamp Remote\bin\OrbTray.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Orb] F:\Program Files\Winamp Remote\bin\OrbTray.exe (User 'Default user')
    O4 - Startup: Gateway Rightside.lnk = ?
    O4 - Startup: SpeedFan.lnk = F:\Program Files\SpeedFan\speedfan.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with GetRight Pro - F:\PROGRA~1\Getright\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Pro Browser - F:\PROGRA~1\Getright\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201577205390
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll wcmdbk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: OrbMediaService - Orb Networks - F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
    O24 - Desktop Component 0: (no name) - (no file)
    O24 - Desktop Component 1: (no name) - (no file)

    --
    End of file - 13906 bytes
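Added example, not part of this thread or written by any poster: a small Python triage helper that parses HijackThis-style "Oxx - ..." lines like the ones in the log above and flags the entries a responder reads first: AppInit_DLLs (O20) entries, which Windows loads into every process that uses user32.dll, hosts-file overrides (O1), GUID-named or unresolved autostart entries (O4), unknown Winsock LSPs (O10) and anything pointing at a missing file. The sample log, the `Finding` class and the one-entry allow-list of known AppInit DLLs are constructed for the example; the script reports items for review and does not decide that anything is malicious.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the log format used in the thread (not a copy of it).
SAMPLE_LOG = """\
Running processes:
F:\\WINDOWS\\System32\\smss.exe

O1 - Hosts: 127.255.255.255 serial.example-vendor.test
O4 - HKLM\\..\\Run: [AVG8_TRAY] F:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe
O4 - Startup: Gateway Rightside.lnk = ?
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O10 - Unknown file in Winsock LSP: f:\\windows\\system32\\nwprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll wcmdbk.dll
O23 - Service: Example Service (exsvc) - Example Vendor - F:\\Program Files\\Example\\exsvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")
RUN_VALUE_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")

# Constructed allow-list: avgrsstx.dll is AVG 8's resident-shield hook and is expected
# in AppInit_DLLs on a machine running AVG; every other DLL there is reported.
KNOWN_APPINIT = {"avgrsstx.dll"}


@dataclass
class Finding:
    section: str   # the HJT section code, e.g. "O20"
    reason: str    # why the line deserves a look
    line: str      # the raw log line


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each 'Oxx - ' line; all other lines are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(log_text):
    """Return the list of Finding objects for a log, in log order."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Whitespace-separated DLL names; anything not on the allow-list is reported.
            for dll in body.split(":", 1)[1].split():
                if dll.lower() not in KNOWN_APPINIT:
                    findings.append(Finding(section, f"unrecognised AppInit_DLLs entry {dll}", raw))
        elif section == "O1":
            # Hosts overrides may be deliberate (blocking) or hijacks; always worth confirming.
            findings.append(Finding(section, "hosts-file override", raw))
        elif section == "O4":
            m = RUN_VALUE_RE.match(body)
            if m and GUID_RE.match(m.group(2)):
                # A GUID as a Run value name hides what the entry is for; verify the target.
                findings.append(Finding(section, "GUID-named Run value", raw))
            if body.endswith("= ?"):
                findings.append(Finding(section, "startup link with unresolved target", raw))
        elif section == "O10":
            findings.append(Finding(section, "unknown Winsock LSP", raw))
        elif "(no file)" in body:
            findings.append(Finding(section, "entry points at a missing file", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.line}")
```

Run against the constructed sample, the script reports six lines: the hosts override, the GUID-named Run value, the unresolved startup shortcut, the O9 button with no file, the Winsock LSP and `wcmdbk.dll` from AppInit_DLLs, while the allow-listed AVG hook is left alone. On a real log, the AppInit_DLLs finding is the one to verify first, because a DLL in that value is loaded by nearly every GUI process at startup, which is exactly how the Vundo family kept itself resident.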

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi SonicSmash

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Default

    When I hit Save, HJT closed without saving anything. I renamed HJT and tried again. It worked that time. Let me give you the first four entries, since HJT makes them unreadable:
    アカツキ電光戦記 (Akatsuki Blitzkampf)
    Torrent
    東方風神録 ver 1.00a (Touhou Fuujinroku)
    東方緋想天 Ver1.04 (Touhou Hisouten)

    This is the actual log:

    ?A?J?c?Ld?o?i?L
    ?ETorrent
    ??u???_?^ ver 1.00a
    ??uezV Ver1.04
    c??d?e Uwabami Breakers Ver.C73
    7-Zip 4.42
    7-Zip Addon Pack
    Ad-Aware
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 7.0.8
    Adobe Reader for Pocket PC 2.0
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AG_SYS Screen Saver
    AGEIA PhysX v7.09.13
    AHV content for Acrobat and Flash
    Alt-Tab Task Switcher Powertoy for Windows XP
    A-Mac Address Change 5.3
    Anvil Studio
    AOL Instant Messenger
    Apple Software Update
    ASIO4ALL
    Aspell English Dictionary-0.50-2
    Assegai Screen Saver
    Audacity 1.3.5 (Unicode)
    AutoCAD 2008 - English
    Autodesk DWF Viewer 7
    Avanquest update
    AVG Free 8.0
    AVPM-Setup
    BitPim 1.0.4.20071224
    BLM 2.6.5
    BT8010 Control Center version 1.3
    Calculator Powertoy for Windows XP
    Canon ScanGear Toolbox CS 2.2
    CCleaner (remove only)
    CD/DVD-ROM Generator 2.00
    CmdHere Powertoy For Windows XP
    Collab
    Compact Wireless-G USB Adapter
    Compatibility Pack for the 2007 Office system
    Conduits Pocket Artist
    Cortex Command Build 20
    Dell Printer Software Uninstall
    DESCENT II
    DivX Web Player
    Dynamic Library v1.03
    EGX Screen Saver
    ElectricSheep 2.6.6
    Enhanced Sound Card Driver 8.0
    EPSON Printer Software
    Exact Audio Copy 0.95b4
    EzTune
    FEAR
    Feisar Screen Saver
    feisar_saver
    Final Fantasy VII - Ultima Edition
    Final Fantasy VII XP Patch
    FL Studio 8
    Flash Renamer 6.02
    Game Maker 6.1
    Game Maker 7.0
    Geiss2 for Winamp 2x (remove only)
    GIF Movie Gear 4.1.2
    GNU Aspell 0.50-3
    Google Earth
    Google Gears
    Google Gmail Notifier
    Google SketchUp 6
    Google SketchUp 6
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Updater
    Goteki Screen Saver
    GTK+ Runtime 2.10.11 rev b (remove only)
    GUILTY GEAR XX ?RELOAD
    Guitar Pro 5.0
    Hamachi 1.0.2.2
    Hex Workshop v5
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    hx2000b WM5 Drivers Update
    ID3-TagIT 3
    IIS 6.0 Resource Kit Tools
    ijji - Gunz
    ijji Auto Installer
    IL Download Manager
    Image Resizer Powertoy for Windows XP
    iPAQ Micro Keyboard
    IrisAPE 1.0
    IsoBuster 2.1
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 7
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 1
    Java(TM) SE Runtime Environment 6 Update 1
    JCreator LE 4.00
    JMB36X Raid Configurer
    KAWAI ?X?R?A?v???[???[4.0
    KAWAI ?X?R?A?v???[???[FX
    KeyControl v1.02 (remove only)
    K-Lite Codec Pack 2.77 Full
    ksColorPick
    LiveUpdate
    Lunia
    LuniaGSP
    M3 GAME Manager Uninstall
    Magic ISO Maker v5.3 (build 0216)
    Magic ISO Maker v5.4 (build 0239)
    Magic ISO Maker v5.4 (build 0251)
    Manga Reader v1.2.6
    MapleStory
    Marvell Miniport Driver
    Matrix-ks
    MELTY BLOOD Act Cadenza Ver.B WindowsA
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5 Language Pack - u?{?e
    Microsoft .NET Framework 3.5 Language Pack - jpn
    Microsoft ActiveSync
    Microsoft AppLocale
    Microsoft Bootvis
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation RATTV3
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual J# 2005 Express Edition - ENU
    Microsoft Visual J# 2005 Express Edition - ENU
    Microsoft Visual J# 2005 Express Edition - ENU Service Pack 1 (KB926750)
    Microsoft Windows Application Compatibility Database
    middle_man
    Ml_Icons 0.3
    Motorola Driver Installation
    Motorola Phone Tools
    Motorola PST
    Mozilla Firefox (3.0.3)
    Mozilla Thunderbird (1.5.0.10)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Mulimedia Logic
    Nero 7.2.3.2
    NetBeans IDE 5.5
    NVIDIA Drivers
    NVIDIA nTune
    O&O Defrag Professional Edition
    OpenOffice.org Installer 1.0
    Orb
    PackageFactory for U3 (build 100)
    Pandora's GUI
    PDAwin TV remote controller
    PDF Settings
    PeerGuardian 2.0
    Phantasy Star Online Blue Burst 1.0
    Piranha Screen Saver
    Pivot Software
    Playlist Creator 3
    Pocket RAR documentation
    PoiZone
    Power Tab Editor 1.7
    PowerDVD
    PowerISO
    PowerQuest PartitionMagic 8.0
    Project64 1.6
    PSP Video 9 2.25
    Qirex Screen Saver
    QPST
    QuickGamma 2.0.0.3
    QuickTime
    QuickTime Alternative 1.81
    RAGNAROK BATTLE OFFLINE 1.0
    RapidLeecher Ultimate 2007
    RBO Extra Scenario Vol.1
    RBO Extra Scenario Vol.2
    RBO Extra Scenario Vol.3
    Real Alternative 1.50
    Realtek High Definition Audio Driver
    Regular Expression Laboratory 1.0
    SDK
    Seagate?DiscWizard
    Security Task Manager 1.7d
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows XP (KB941569)
    Send To Extensions PowerToy
    Sony Sound Forge 8.0d
    Sothink SWF Decompiler
    SpaceCowboy
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SqrSoftR Advanced Crossfading (remove only)
    SSH Secure Shell
    Stereogram Explorer 2.4
    Stereogram Screensaver v1.0
    System Requirements Lab
    TCPMP
    Thermal Analysis Tool
    Triakis Screen Saver
    Tweak UI
    UltraFXP (remove only)
    UltraISO Premium V8.2
    UltraMon
    Update for Windows Media Player 10 (KB926251)
    VideoLAN VLC media player 0.8.6d
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    Virtual Desktop Manager Powertoy for Windows XP
    Visual IRC 2.0
    vixy converter uninstall
    VNC Free Edition 4.1.2
    WD Diagnostics
    WIBU-KEY Setup (WIBU-KEY Remove)
    Winamp
    Winamp 5 Color Editor (remove only)
    Winamp Wecker
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Sniper
    Windows Support Tools
    Windows XP Service Pack 3
    WinHTTrack Website Copier 3.41-3
    WinMobile Torrent
    WinPcap 4.0.1
    WinRAR archiver
    WinRAR Themes Addon
    XML Paper Specification Shared Components Language Pack 1.0
    YAMAHA Digital Music Notebook

    Thanks

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Torrent
    WinMobile Torrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.

  5. #5
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Default

    Please note that the problem has worsened. I can no longer reliably boot my computer without resorting to safe mode.

    Here is the log:

    ?A?J?c?Lgd?o?i?L
    g??u???_?^ ver 1.00a
    g??uheezgV Ver1.04
    c?N?d?e Uwabami Breakers Ver.C73
    7-Zip 4.42
    7-Zip Addon Pack
    Ad-Aware
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 7.0.8
    Adobe Reader for Pocket PC 2.0
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AG_SYS Screen Saver
    AGEIA PhysX v7.09.13
    AHV content for Acrobat and Flash
    Alt-Tab Task Switcher Powertoy for Windows XP
    A-Mac Address Change 5.3
    Anvil Studio
    AOL Instant Messenger
    Apple Software Update
    ASIO4ALL
    Aspell English Dictionary-0.50-2
    Assegai Screen Saver
    Audacity 1.3.5 (Unicode)
    AutoCAD 2008 - English
    Autodesk DWF Viewer 7
    Avanquest update
    AVG Free 8.0
    AVPM-Setup
    BitPim 1.0.4.20071224
    BLM 2.6.5
    BT8010 Control Center version 1.3
    Calculator Powertoy for Windows XP
    Canon ScanGear Toolbox CS 2.2
    CCleaner (remove only)
    CD/DVD-ROM Generator 2.00
    CmdHere Powertoy For Windows XP
    Collab
    Compact Wireless-G USB Adapter
    Compatibility Pack for the 2007 Office system
    Conduits Pocket Artist
    Cortex Command Build 20
    Dell Printer Software Uninstall
    DESCENT II
    DivX Web Player
    Dynamic Library v1.03
    EGX Screen Saver
    ElectricSheep 2.6.6
    Enhanced Sound Card Driver 8.0
    EPSON Printer Software
    Exact Audio Copy 0.95b4
    EzTune
    FEAR
    Feisar Screen Saver
    feisar_saver
    Final Fantasy VII - Ultima Edition
    Final Fantasy VII XP Patch
    FL Studio 8
    Flash Renamer 6.02
    Game Maker 6.1
    Game Maker 7.0
    Geiss2 for Winamp 2x (remove only)
    GIF Movie Gear 4.1.2
    GNU Aspell 0.50-3
    Google Earth
    Google Gears
    Google Gmail Notifier
    Google SketchUp 6
    Google SketchUp 6
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Updater
    Goteki Screen Saver
    GTK+ Runtime 2.10.11 rev b (remove only)
    GUILTY GEAR XX ?hRELOAD
    Guitar Pro 5.0
    Hamachi 1.0.2.2
    Hex Workshop v5
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    hx2000b WM5 Drivers Update
    ID3-TagIT 3
    IIS 6.0 Resource Kit Tools
    ijji - Gunz
    ijji Auto Installer
    IL Download Manager
    Image Resizer Powertoy for Windows XP
    iPAQ Micro Keyboard
    IrisAPE 1.0
    IsoBuster 2.1
    J2SE Runtime Environment 5.0 Update 7
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 1
    Java(TM) SE Runtime Environment 6 Update 1
    JCreator LE 4.00
    JMB36X Raid Configurer
    KAWAI ?X?R?A?v???[???[4.0
    KAWAI ?X?R?A?v???[???[FX
    KeyControl v1.02 (remove only)
    K-Lite Codec Pack 2.77 Full
    ksColorPick
    LiveUpdate
    Lunia
    LuniaGSP
    M3 GAME Manager Uninstall
    Magic ISO Maker v5.3 (build 0216)
    Magic ISO Maker v5.4 (build 0239)
    Magic ISO Maker v5.4 (build 0251)
    Manga Reader v1.2.6
    MapleStory
    Marvell Miniport Driver
    Matrix-ks
    MELTY BLOOD Act Cadenza Ver.B WindowshA
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5 Language Pack - gu?{?e
    Microsoft .NET Framework 3.5 Language Pack - jpn
    Microsoft ActiveSync
    Microsoft AppLocale
    Microsoft Bootvis
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation RATTV3
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual J# 2005 Express Edition - ENU
    Microsoft Visual J# 2005 Express Edition - ENU
    Microsoft Visual J# 2005 Express Edition - ENU Service Pack 1 (KB926750)
    Microsoft Windows Application Compatibility Database
    middle_man
    Ml_Icons 0.3
    Motorola Driver Installation
    Motorola Phone Tools
    Motorola PST
    Mozilla Firefox (3.0.3)
    Mozilla Thunderbird (1.5.0.10)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Mulimedia Logic
    Nero 7.2.3.2
    NetBeans IDE 5.5
    NVIDIA Drivers
    NVIDIA nTune
    O&O Defrag Professional Edition
    OpenOffice.org Installer 1.0
    Orb
    PackageFactory for U3 (build 100)
    Pandora's GUI
    PDAwin TV remote controller
    PDF Settings
    PeerGuardian 2.0
    Phantasy Star Online Blue Burst 1.0
    Piranha Screen Saver
    Pivot Software
    Playlist Creator 3
    Pocket RAR documentation
    PoiZone
    Power Tab Editor 1.7
    PowerDVD
    PowerISO
    PowerQuest PartitionMagic 8.0
    Project64 1.6
    PSP Video 9 2.25
    Qirex Screen Saver
    QPST
    QuickGamma 2.0.0.3
    QuickTime
    QuickTime Alternative 1.81
    RAGNAROK BATTLE OFFLINE 1.0
    RapidLeecher Ultimate 2007
    RBO Extra Scenario Vol.1
    RBO Extra Scenario Vol.2
    RBO Extra Scenario Vol.3
    Real Alternative 1.50
    Realtek High Definition Audio Driver
    Regular Expression Laboratory 1.0
    SDK
    Seagate DiscWizard
    Security Task Manager 1.7d
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows XP (KB941569)
    Send To Extensions PowerToy
    Sony Sound Forge 8.0d
    Sothink SWF Decompiler
    SpaceCowboy
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SqrSoftR Advanced Crossfading (remove only)
    SSH Secure Shell
    Stereogram Explorer 2.4
    Stereogram Screensaver v1.0
    System Requirements Lab
    TCPMP
    Thermal Analysis Tool
    Triakis Screen Saver
    Tweak UI
    UltraFXP (remove only)
    UltraISO Premium V8.2
    UltraMon
    Update for Windows Media Player 10 (KB926251)
    VideoLAN VLC media player 0.8.6d
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    Virtual Desktop Manager Powertoy for Windows XP
    Visual IRC 2.0
    vixy converter uninstall
    VNC Free Edition 4.1.2
    WD Diagnostics
    WIBU-KEY Setup (WIBU-KEY Remove)
    Winamp
    Winamp 5 Color Editor (remove only)
    Winamp Wecker
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Sniper
    Windows Support Tools
    Windows XP Service Pack 3
    WinHTTrack Website Copier 3.41-3
    WinPcap 4.0.1
    WinRAR archiver
    WinRAR Themes Addon
    XML Paper Specification Shared Components Language Pack 1.0
    YAMAHA Digital Music Notebook

  6. #6
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Default

    I also cannot access the safer-networking.org website or the spybot.info forums any longer. I am using a second computer for this right now.

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please then use that other computer for transferring logs/tools from now on.

    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Default

    Combofix finished, but the log it produced was empty and I was unable to find Combofix.txt on the root of any of my drives.

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:47:31 PM, on 10/30/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\netdde.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    F:\Program Files\Bonjour\mDNSResponder.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    F:\WINDOWS\system32\inetsrv\inetinfo.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
    F:\WINDOWS\system32\tcpsvcs.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\conime.exe
    F:\Program Files\Orb Networks\Orb\bin\Orb.exe
    F:\Program Files\Unlocker\UnlockerAssistant.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\Google\Gmail Notifier\gnotify.exe
    F:\WINDOWS\system32\taskswitch.exe
    F:\Program Files\UltraMon\UltraMon.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    F:\Program Files\PeerGuardian2\pg2.exe
    F:\Program Files\Microsoft ActiveSync\wcescomm.exe
    F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\PROGRA~1\MI3AA1~1\rapimgr.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    F:\Program Files\Portrait Displays\Pivot Software\floater.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    F:\Program Files\SpeedFan\speedfan.exe
    F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    F:\WINDOWS\explorer.exe
    F:\WINDOWS\system32\notepad.exe
    F:\Program Files\UltraMon\UltraMonTaskbar.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E4B4508-9EB5-4363-80CE-B88B1AABEA47} - (no file)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AD2DE490-21F0-44D3-9E3E-1F5DED8E3CC1} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: (no name) - {D4377B05-A5B9-44E5-B85A-F47F6D16916C} - (no file)
    O2 - BHO: (no name) - {FCB1C960-4EF6-4D7E-A2F7-E30E33173F76} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe -H
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT GWY] F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Orb] "F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Gateway Rightside.lnk = ?
    O4 - Startup: SpeedFan.lnk = F:\Program Files\SpeedFan\speedfan.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201577205390
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: khfDVmJY - F:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: OrbMediaService - Orb Networks - F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
    O24 - Desktop Component 0: (no name) - (no file)
    O24 - Desktop Component 1: (no name) - (no file)

    --
    End of file - 13493 bytes

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please re-run it and let me know if you can now find its log.

  10. #10
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Default

    Got it this time. ComboFix log:

    ComboFix 08-10-30.09 - GameKyuubi 2008-10-31 10:50:08.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.393 [GMT -7:00]
    Running from: F:\Documents and Settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
    .

    2008-10-31 11:18 . 2008-10-31 11:18 <DIR> d--hs---- F:\found.000
    2008-10-28 22:22 . 2008-10-28 22:22 1,032,627 --ahsc--- F:\WINDOWS\system32\osavyfsh.ini
    2008-10-28 17:01 . 2008-04-23 14:02 157,152 --a--c--- F:\WINDOWS\system32\PubPlugin.dll
    2008-10-28 16:55 . 2008-10-28 16:55 <DIR> d----c--- F:\rsit
    2008-10-27 23:25 . 2008-10-27 23:25 <DIR> d----c--- F:\Program Files\Trend Micro
    2008-10-27 22:20 . 2008-10-27 22:20 1,045,153 --ahsc--- F:\WINDOWS\system32\ajxfnfbb.ini
    2008-10-27 21:50 . 2008-10-27 21:50 <DIR> d----c--- F:\Program Files\Lavasoft
    2008-10-27 21:49 . 2008-10-27 21:52 <DIR> d----c--- F:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-27 18:36 . 2008-10-28 23:40 211 --a--c--- F:\WINDOWS\wininit.ini
    2008-10-27 12:10 . 2008-10-27 12:10 1,045,153 --ahsc--- F:\WINDOWS\system32\pughinfp.ini
    2008-10-21 02:54 . 2008-10-31 16:43 16 --a--c--- F:\WINDOWS\system32\wpfb.dat
    2008-10-21 02:48 . 2008-10-21 02:48 <DIR> d----c--- F:\Program Files\Portrait Displays
    2008-10-21 02:48 . 2008-10-21 02:48 62,009 --a--c--- F:\WINDOWS\system32\wpfb_nv4_disp.dll
    2008-10-21 02:48 . 2007-02-09 12:17 62,009 --a--c--- F:\WINDOWS\system32\WPFB.DLL
    2008-10-21 02:48 . 2007-02-09 12:17 17,465 --a--c--- F:\WINDOWS\system32\drivers\pivot.sys
    2008-10-21 02:48 . 2007-02-09 12:17 11,323 --a--c--- F:\WINDOWS\system32\drivers\pivotmou.sys
    2008-10-21 02:48 . 2004-11-22 12:07 2,304 --a--c--- F:\WINDOWS\system32\Machnm32.sys
    2008-10-21 02:46 . 2008-10-21 02:46 <DIR> d----c--- F:\Program Files\Gateway
    2008-10-21 02:46 . 2008-10-21 02:46 <DIR> d----c--- F:\Program Files\Common Files\Portrait Displays
    2008-10-09 03:20 . 2008-10-09 03:20 <DIR> d----c--- F:\Program Files\SourceTec
    2008-10-09 03:20 . 2008-10-09 03:20 <DIR> d----c--- F:\Program Files\Common Files\SourceTec
    2008-10-09 02:52 . 2008-10-09 02:52 <DIR> d----c--- F:\Program Files\DComSoft
    2008-09-25 01:16 . 2008-09-25 01:16 <DIR> d----c--- F:\Program Files\BestGameEver
    2008-09-24 19:16 . 2008-09-24 19:16 <DIR> d----c--- F:\Program Files\Common Files\Apple
    2008-09-24 19:15 . 2008-09-24 19:15 <DIR> d----c--- F:\Program Files\Apple Software Update
    2008-09-24 19:15 . 2008-09-24 19:15 <DIR> d----c--- F:\Documents and Settings\All Users\Application Data\Apple
    2008-09-20 21:41 . 2008-09-24 21:23 <DIR> d----c--- F:\Program Files\Phantasy Star Online Blue Burst
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a--c--- F:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a--c--- F:\WINDOWS\system32\QuickTime.qts
    2008-09-06 13:58 . 2008-09-06 13:58 <DIR> d----c--- F:\Program Files\Replay Radio 6
    2008-09-06 13:58 . 2001-12-06 18:26 41,984 --a--c--- F:\WINDOWS\system32\APTRRNTm.dll
    2008-09-06 13:58 . 2001-12-06 18:26 36,864 --a--c--- F:\WINDOWS\system32\APTRRNTl.dll
    2008-09-03 03:58 . 2008-09-03 03:58 54,156 --ah-c--- F:\WINDOWS\QTFont.qfn
    2008-09-03 03:58 . 2008-09-03 03:58 1,409 --a--c--- F:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-31 23:43 --------- dc----w F:\Program Files\SpeedFan
    2008-10-31 17:52 --------- dc----w F:\Program Files\PeerGuardian2
    2008-10-31 01:02 --------- dc----w F:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-30 23:36 --------- dc----w F:\Documents and Settings\All Users\Application Data\avg8
    2008-10-29 21:47 --------- dc----w F:\Program Files\uTorrent
    2008-10-29 21:47 --------- dc----w F:\Program Files\Microsoft ActiveSync
    2008-10-29 05:57 --------- dc----w F:\Program Files\Spybot - Search & Destroy
    2008-10-29 00:41 --------- dc----w F:\Program Files\Java
    2008-10-28 21:21 --------- dc-h--w F:\Program Files\InstallShield Installation Information
    2008-10-28 21:21 --------- dc----w F:\Program Files\YAMAHA
    2008-10-28 20:52 --------- dc----w F:\Program Files\Easy Duplicate Finder
    2008-10-28 04:48 --------- dc----w F:\Program Files\Common Files\Wise Installation Wizard
    2008-10-28 01:37 --------- dc----w F:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-10-24 02:29 --------- dc----w F:\Program Files\Tsukihime
    2008-10-22 01:59 --------- dc----w F:\Documents and Settings\Administrator\Application Data\Audacity
    2008-10-21 22:16 --------- dc----w F:\Program Files\vixy.net
    2008-10-21 09:54 --------- dc----w F:\Documents and Settings\Administrator\Application Data\DisplayTune
    2008-10-21 08:17 --------- dc----w F:\Program Files\SystemRequirementsLab
    2008-10-21 08:17 --------- dc----w F:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    2008-10-07 20:33 6,133,856 -c--a-w F:\WINDOWS\system32\drivers\nv4_mini.sys
    2008-09-28 08:45 --------- dc----w F:\Documents and Settings\Administrator\Application Data\dvdcss
    2008-09-26 23:43 --------- dc----w F:\Documents and Settings\Administrator\Application Data\U3
    2008-09-25 02:16 --------- dc----w F:\Program Files\QuickTime Alternative
    2008-09-25 02:16 --------- dc----w F:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 11:36 --------- dc----w F:\Program Files\MSECACHE
    2008-09-08 09:25 --------- dc----w F:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-09-06 20:58 737,280 -c--a-w F:\WINDOWS\iun6002.exe
    2007-12-21 06:13 92,064 -c--a-w F:\Documents and Settings\Administrator\mqdmmdm.sys
    2007-12-21 06:13 9,232 -c--a-w F:\Documents and Settings\Administrator\mqdmmdfl.sys
    2007-12-21 06:13 79,328 -c--a-w F:\Documents and Settings\Administrator\mqdmserd.sys
    2007-12-21 06:13 66,656 -c--a-w F:\Documents and Settings\Administrator\mqdmbus.sys
    2007-12-21 06:13 6,208 -c--a-w F:\Documents and Settings\Administrator\mqdmcmnt.sys
    2007-12-21 06:13 5,936 -c--a-w F:\Documents and Settings\Administrator\mqdmwhnt.sys
    2007-12-21 06:13 4,048 -c--a-w F:\Documents and Settings\Administrator\mqdmcr.sys
    2007-12-21 06:13 25,600 -c--a-w F:\Documents and Settings\Administrator\usbsermptxp.sys
    2007-12-21 06:13 22,768 -c--a-w F:\Documents and Settings\Administrator\usbsermpt.sys
    2007-07-06 06:10 263,985,711 -c--a-w F:\Program Files\アカツキ電光戦記.rar
    2006-06-27 00:07 1,333,672 -c--a-w F:\Documents and Settings\Administrator\vxworks_prep_v03.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="F:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Orb"="F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2008-05-13 507904]
    "swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
    "NVIDIA nTune"="F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "Google Update"="F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]
    "SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="F:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="F:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "CoolSwitch"="F:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
    "UltraMon"="F:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 304640]
    "IMJPMIG8.1"="F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2002-12-31 208952]
    "MSPY2002"="F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
    "36X Raid Configurer"="F:\WINDOWS\system32\xRaidSetup.exe" [2007-11-19 1970176]
    "AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 1232152]
    "DiscWizardMonitor.exe"="F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 1169744]
    "AcronisTimounterMonitor"="F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
    "Acronis Scheduler2 Service"="F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
    "JMB36X IDE Setup"="F:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
    "PivotSoftware"="F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
    "DT GWY"="F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-25 81920]
    "SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "nwiz"="nwiz.exe" [2008-10-07 F:\WINDOWS\system32\nwiz.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 F:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]

    F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Gateway Rightside.lnk - F:\Documents and Settings\Administrator\Application Data\Realtime Soft\UltraMon\Profiles\Gateway Rightside.umprofile [2008-04-24 263]
    SpeedFan.lnk - F:\Program Files\SpeedFan\speedfan.exe [2008-04-22 3287552]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 01000000
    "NoRecentDocsNetHood"= 01000000
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "GreyMSIAds"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codec"= l3codecp.acm
    "VIDC.X264"= x264vfw.dll
    "aux1"= ctwdm32.dll
    "midi2"= xgusb.cpl
    "mixer"= APTRRNTm.dll
    "wave"= APTRRNTm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
    @=""

    [HKLM\~\startupfolder\F:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Default1.lnk]
    path=F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Default1.lnk
    backup=F:\WINDOWS\pss\Default1.lnkStartup

    [HKLM\~\startupfolder\F:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Normal.lnk]
    backup=F:\WINDOWS\pss\Normal.lnkStartup

    [HKLM\~\startupfolder\F:^Documents and Settings^Administrator^Start Menu^Programs^Startup^SpeedFan.lnk]
    path=F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpeedFan.lnk
    backup=F:\WINDOWS\pss\SpeedFan.lnkStartup

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
    backup=F:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^RATT.lnk]
    path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\RATT.lnk
    backup=F:\WINDOWS\pss\RATT.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    F:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    F:\WINDOWS\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
    --a--c--- 2002-03-19 18:30 45632 F:\WINDOWS\system32\TaskSwitch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a--c--- 2008-02-12 15:59 15360 F:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a--c--- 2007-08-22 05:06 167368 F:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    -ra--c--- 2006-07-12 02:58 356352 F:\WINDOWS\system32\JMRaidTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a--c--- 2006-11-13 13:39 1289000 F:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a--c--- 2002-12-31 05:00 208952 F:\WINDOWS\ime\IMJP8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a--c--- 2004-08-04 05:00 59392 F:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a--c--- 2008-10-07 13:33 13574144 F:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a--c--- 2008-10-07 13:33 86016 F:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    --a--c--- 2005-09-18 18:40 1421824 F:\Program Files\PeerGuardian2\pg2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a--c--- 2004-08-04 05:00 455168 F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a--c--- 2004-08-04 05:00 455168 F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
    --a--c--- 2006-10-12 22:27 304640 F:\Program Files\UltraMon\UltraMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2006-09-07 14:19 15872 F:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    --a--c--- 2005-07-15 14:48 479232 F:\Program Files\Google\Gmail Notifier\gnotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a--c--- 2005-05-03 18:43 69632 F:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a--c--- 2008-10-07 13:33 1630208 F:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a--c--- 2007-06-15 16:45 1826816 F:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "HMHZHC"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
    "F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "F:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
    "F:\\Downloads\\Games\\PC\\Touhou\\th105_t_w\\th105.exe"=
    "H:\\Downloads\\[Shanghai Alice] Touhou 01-9.5\\Immaterial and Missing Power\\Immaterial And Missing Power\\th075Caster060419p79.exe"=
    "F:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "F:\\Program Files\\EcoleSoftware\\MBACWIN\\mbcaster.exe"=
    "F:\\Program Files\\tasofro\\th105\\th105.exe"=
    "F:\\Program Files\\AIM\\aim.exe"=
    "F:\\Program Files\\tasofro\\Immaterial And Missing Power\\CowCaster.exe"=
    "F:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "F:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "F:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\ijji\\ENGLISH\\u_gunz.exe"=
    "F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "F:\\WINDOWS\\system32\\ElectricSheep.scr"=
    "F:\\Program Files\\Phantasy Star Online Blue Burst\\online.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 jahci;jahci;F:\WINDOWS\system32\drivers\jahci.sys [2002-12-31 33280]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 96520]
    R1 Pivot;Pivot;F:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 17465]
    R2 AvgTdiX;AVG Free8 Network Redirector;F:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 76040]
    R2 PdiService;Portrait Displays SDK Service;F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-21 90112]
    R2 UltraMonUtility;UltraMon Utility Driver;F:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
    R3 pivotmou;Pivot Mouse/Pointers Filter Driver;F:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 11323]
    R3 UltraMonMirror;UltraMonMirror;F:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;F:\Program Files\VMLaunch\BuddyVM.sys [ ]
    S3 avg8emc;AVG Free8 E-mail Scanner;F:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-15 873752]
    S3 avg8wd;AVG Free8 WatchDog;F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 231192]
    S3 EPUSBSTOR;EPSON USB Storage Driver;F:\WINDOWS\system32\DRIVERS\epusbsto.sys [2001-09-10 17976]
    S3 MCHPUSB;MCHPUSB;F:\WINDOWS\system32\drivers\mchpusb.sys [2004-11-22 61440]
    S3 MotDev;Motorola Inc. USB Device;F:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
    S3 p2pgasvc;Peer Networking Group Authentication;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
    S3 p2pimsvc;Peer Networking Identity Manager;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
    S3 p2psvc;Peer Networking;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol;F:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
    S4 HMHZHC;HMHZHC;F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HMHZHC.exe [ ]
    S4 TCCrystalCpuInfo;TCCrystalCpuInfo;F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TCCpuInfo.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
    \Shell\AutoRun\command - N:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360cabec-721f-11dc-859e-001a4d62a108}]
    \Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dae3e62-b517-11dc-85d3-001a4d62a108}]
    \Shell\AutoRun\command - N:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dae3e66-b517-11dc-85d3-001a4d62a108}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b344c3d3-5393-11dd-9803-001b41000e99}]
    \Shell\AutoRun\command - N:\LaunchU3.exe -a

    *Newly Created Service* - PGFILTER

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{381BC520-8442-004F-0600-030802080700}]
    F:\WINDOWS\system32\MSWINHOOK32.EXE
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-21 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - F:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-31 F:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
    - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 01:07]

    2008-10-27 F:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{1E4B4508-9EB5-4363-80CE-B88B1AABEA47} - (no file)
    BHO-{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - (no file)
    BHO-{AD2DE490-21F0-44D3-9E3E-1F5DED8E3CC1} - (no file)
    BHO-{D4377B05-A5B9-44E5-B85A-F47F6D16916C} - (no file)
    BHO-{FCB1C960-4EF6-4D7E-A2F7-E30E33173F76} - (no file)
    Notify-khfDVmJY - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g8yzsnls.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en
    FF -: plugin - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
    FF -: plugin - F:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - F:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
    FF -: plugin - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-31 16:43:04
    Windows 5.1.2600 Service Pack 3, v.3311 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    F:\WINDOWS\system32\netdde.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    F:\Program Files\Bonjour\mDNSResponder.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    F:\WINDOWS\system32\inetsrv\inetinfo.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\WINDOWS\system32\msdtc.exe
    F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    F:\WINDOWS\system32\locator.exe
    F:\WINDOWS\system32\tcpsvcs.exe
    F:\Program Files\Orb Networks\Orb\bin\Orb.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\system32\conime.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\UltraMon\UltraMonTaskbar.exe
    F:\Program Files\Gateway\EzTune\dthtml.exe
    F:\Program Files\Portrait Displays\Pivot Software\Floater.exe
    F:\PROGRA~1\MI3AA1~1\rapimgr.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-10-31 16:50:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-31 23:50:33

    Pre-Run: 412,026,732,544 bytes free
    Post-Run: 411,966,484,480 bytes free

    341 --- E O F --- 2008-07-09 23:38:05


    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:57:37 PM, on 10/31/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\netdde.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    F:\Program Files\Bonjour\mDNSResponder.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    F:\WINDOWS\system32\inetsrv\inetinfo.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
    F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\tcpsvcs.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Orb Networks\Orb\bin\Orb.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\system32\conime.exe
    F:\Program Files\Google\Gmail Notifier\gnotify.exe
    F:\WINDOWS\system32\taskswitch.exe
    F:\Program Files\UltraMon\UltraMon.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\PROGRA~1\AVG\AVG8\avgtray.exe
    F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    F:\Program Files\PeerGuardian2\pg2.exe
    F:\Program Files\Microsoft ActiveSync\wcescomm.exe
    F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\Program Files\Gateway\EzTune\DTHtml.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    F:\Program Files\Portrait Displays\Pivot Software\floater.exe
    F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    F:\PROGRA~1\MI3AA1~1\rapimgr.exe
    F:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    F:\Program Files\SpeedFan\speedfan.exe
    F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    F:\WINDOWS\explorer.exe
    F:\Program Files\UltraMon\UltraMonTaskbar.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe -H
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "F:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT GWY] F:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Orb] "F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Gateway Rightside.lnk = ?
    O4 - Startup: SpeedFan.lnk = F:\Program Files\SpeedFan\speedfan.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - F:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201577205390
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - F:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: OrbMediaService - Orb Networks - F:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - F:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
    O24 - Desktop Component 0: (no name) - (no file)
    O24 - Desktop Component 1: (no name) - (no file)

    --
    End of file - 13264 bytes
