Hi. I came on this forum a few weeks ago seeking virus help, and left clean as a whistle. However, a few days ago, I updated something on Windows, and ever since I have had a strange problem. Whenever I start my computer, it is perfectly fine, but about 10 minutes in, no matter what I do, the whole computer freezes and I lose all control (or at least nothing responds). Then I have no choice but to force shut down. However, if I start in safe mode (or safe mode with networking) the computer works fine with no problems. I tried about 10 full scans using different programs that helped me with my last virus program, but they all came up clean. I can't figure out if this is because of the update, or if I even have a virus. I am running Fujitsu Vista 32-bit Business. Also, I haven't really downloaded anything but that update for the past week, and right now I am running in safe mode with networking. Just for the heck of it, here are some of my newest logs (all since this problem started occurring and run in safe mode):
ComboFix 10-06-27.06 - STILLR 07/07/2010 23:50:06.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2001.1254 [GMT -4:00]
Running from: d:\my files\Virus Protection\ComboFix\Commy.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\autochk.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
2010-07-08 03:53 . 2010-07-08 03:53 -------- d-----w- c:\users\user\AppData\Local\temp
2010-07-08 03:53 . 2010-07-08 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-08 03:53 . 2010-07-08 03:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-08 03:53 . 2010-07-08 03:53 -------- d-----w- c:\users\admin2\AppData\Local\temp
2010-07-08 03:53 . 2010-07-08 03:53 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-07-08 03:45 . 2010-07-08 03:49 -------- d-----w- C:\32788R22FWJFW
2010-07-04 21:08 . 2010-07-04 21:08 -------- d-----w- c:\program files\ESET
2010-07-01 04:47 . 2010-04-09 17:16 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-07-01 04:47 . 2010-04-09 17:16 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-07-01 04:47 . 2010-04-09 17:16 11104 ------w- c:\windows\system32\pwdspio.sys
2010-07-01 00:57 . 2010-07-01 00:57 -------- d-----w- c:\programdata\XBCDSU
2010-07-01 00:57 . 2010-04-13 19:02 15360 ----a-w- c:\windows\system32\xbcdr.dll
2010-07-01 00:57 . 2009-11-12 14:17 16384 ----a-w- c:\windows\system32\drivers\xbcd.sys
2010-07-01 00:57 . 2007-08-30 13:52 230400 ----a-w- c:\windows\system32\xbcdsu.dll
2010-07-01 00:57 . 2007-08-16 16:37 27136 ----a-w- c:\windows\system32\xbcdif.dll
2010-06-30 18:59 . 2010-06-30 18:59 -------- d-----w- c:\program files\Common Files\Java
2010-06-30 18:59 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 18:01 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 18:01 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-30 18:01 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-30 18:01 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-30 18:01 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 06:07 . 2010-06-28 06:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-28 04:58 . 2001-07-13 17:56 14976 ----a-w- c:\windows\system32\drivers\SBKUPNT.SYS
2010-06-28 04:58 . 1997-02-08 21:11 13312 ----a-w- c:\windows\system32\DEVLOAD.EXE
2010-06-28 04:44 . 2010-04-27 02:10 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-06-28 04:44 . 2010-02-23 15:51 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-06-28 04:44 . 2010-02-23 15:51 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-06-28 04:44 . 2010-02-23 15:51 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-06-28 04:44 . 2010-02-23 15:51 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-06-28 01:41 . 2010-06-28 01:41 -------- d-----w- c:\windows\amlog
2010-06-28 01:14 . 2010-05-25 20:37 12728 ----a-w- c:\windows\system32\ampa.sys
2010-06-28 01:14 . 2010-05-25 20:37 919480 ----a-w- c:\windows\ampa.exe
2010-06-27 19:27 . 2010-06-27 19:27 98304 ----a-w- c:\windows\system32\snapapi.dll
2010-06-27 19:27 . 2010-06-27 19:27 65344 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-06-27 19:27 . 2010-06-27 19:27 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-06-27 19:27 . 2010-06-27 19:27 -------- d-----w- c:\program files\Common Files\Acronis
2010-06-27 04:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 04:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-26 23:52 . 2010-06-26 23:52 63488 ----a-w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-26 23:52 . 2010-06-26 23:52 52224 ----a-w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-26 23:52 . 2010-06-26 23:52 117760 ----a-w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-26 23:51 . 2010-06-26 23:51 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2010-06-26 23:51 . 2010-06-26 23:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-25 21:58 . 2010-06-25 21:58 -------- d-----w- c:\users\Admin\AppData\Roaming\Autodesk
2010-06-25 21:27 . 2010-06-26 01:11 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-06-25 21:24 . 2008-07-12 12:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-25 21:24 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-25 21:24 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-23 20:06 . 2010-06-23 20:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-06-23 18:31 . 2010-06-23 18:31 9062 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe
2010-06-23 18:31 . 2010-06-23 18:31 124902 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe
2010-06-23 18:31 . 2010-06-23 18:31 124902 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe
2010-06-23 18:31 . 2010-06-23 18:31 11310 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe
2010-06-23 18:31 . 2010-06-23 18:31 11310 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe
2010-06-23 18:31 . 2010-06-23 18:31 11310 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe
2010-06-23 17:57 . 2010-07-01 06:33 -------- d-----w- c:\users\user\AppData\Local\ApplicationHistory
2010-06-23 17:47 . 2010-07-02 18:35 -------- d-----w- c:\users\user\AppData\Local\Paint.NET
2010-06-19 16:57 . 2010-06-19 16:57 -------- d-----w- c:\windows\USB Vibration
2010-06-19 16:56 . 2010-06-19 16:56 -------- d-----w- C:\Open File Driver Intall
2010-06-19 01:59 . 2010-06-19 01:59 -------- d-----w- c:\users\user\AppData\Local\Help
2010-06-19 01:58 . 2007-02-18 21:11 296960 ----a-w- c:\windows\winhlp32.exe
2010-06-19 01:58 . 2007-02-18 21:11 194560 ----a-w- c:\windows\system32\ftsrch.dll
2010-06-19 01:58 . 2007-02-18 21:11 9728 ----a-w- c:\windows\system32\ftlx041e.dll
2010-06-19 01:58 . 2007-02-18 21:11 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2010-06-19 00:59 . 2010-06-25 00:57 -------- d-sha-w- c:\users\Public\DRM
2010-06-09 18:56 . 2010-07-07 16:38 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
2010-06-09 18:14 . 2010-06-18 20:48 220926964 ----a-w- c:\users\Admin\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2010-06-09 02:13 . 2010-06-09 18:26 -------- d-----w- c:\users\user\AppData\Local\Windows Server
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 00:00 . 2008-08-12 05:18 -------- d-----w- c:\users\Admin\AppData\Roaming\WTablet
2010-07-07 23:59 . 2009-10-01 15:31 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-07 23:59 . 2009-10-02 19:41 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-06 22:04 . 2008-08-21 01:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-05 04:54 . 2010-05-05 23:33 -------- d-----w- c:\users\Admin\AppData\Roaming\Scirra
2010-07-01 00:52 . 2010-07-01 00:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-06-30 19:35 . 2008-06-19 03:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 18:58 . 2008-08-20 07:11 -------- d-----w- c:\program files\Java
2010-06-30 18:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 18:09 . 2008-06-20 17:24 -------- d-----w- c:\programdata\Microsoft Help
2010-06-28 06:07 . 2009-10-01 14:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-28 06:07 . 2009-10-01 14:03 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-26 05:34 . 2010-01-10 00:24 -------- d-----w- c:\programdata\FLEXnet
2010-06-26 04:37 . 2010-04-17 18:08 -------- d-----w- c:\users\Admin\AppData\Roaming\BitTorrent
2010-06-25 21:58 . 2010-04-20 01:22 -------- d-----w- c:\programdata\Autodesk
2010-06-25 21:21 . 2010-04-20 01:26 -------- d-----w- c:\program files\Autodesk
2010-06-25 04:05 . 2009-10-29 02:38 -------- d-----w- c:\users\Admin\AppData\Roaming\gtk-2.0
2010-06-23 18:55 . 2010-05-15 17:07 -------- d-----w- c:\users\Admin\AppData\Roaming\RealWorld
2010-06-17 02:08 . 2009-10-01 15:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-17 01:55 . 2009-09-30 21:33 185558831 ----a-w- c:\windows\DUMP51f6.tmp
2010-06-13 02:19 . 2010-03-28 23:49 -------- d-----w- c:\users\Admin\AppData\Roaming\Audacity
2010-06-11 01:01 . 2010-03-30 22:50 -------- d--h--w- c:\users\Admin\AppData\Roaming\ijjigame
2010-06-09 18:44 . 2010-05-25 19:38 1100 ----a-w- c:\users\user\AppData\Local\d3d8caps.dat
2010-06-06 01:49 . 2010-06-06 01:49 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-06-06 01:48 . 2010-06-06 01:48 -------- d-----w- c:\programdata\Malwarebytes
2010-06-04 23:55 . 2010-06-04 23:54 -------- d-----w- c:\program files\Project64 1.6
2010-06-04 23:54 . 2010-02-28 21:15 8854 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-06-04 23:54 . 2010-02-28 21:15 40960 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-06-04 23:54 . 2010-02-28 21:15 40960 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-06-03 22:59 . 2010-06-03 22:59 -------- d-----w- c:\program files\Panda Security
2010-06-03 02:57 . 2010-06-03 02:57 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-06-01 14:30 . 2009-10-01 14:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 20:45 . 2010-05-21 23:56 -------- d-----w- c:\users\Admin\AppData\Roaming\Juce VST Host
2010-05-28 20:45 . 2010-05-21 23:55 -------- d-----w- c:\users\Admin\AppData\Roaming\Sawer
2010-05-28 01:15 . 2010-03-20 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\codeblocks
2010-05-26 16:16 . 2010-06-28 18:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-28 18:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 01:49 . 2008-08-12 05:12 163808 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 23:57 . 2010-05-21 23:57 -------- d-----w- c:\users\Admin\AppData\Roaming\Hardcore
2010-05-21 21:35 . 2010-05-21 21:35 -------- d-----w- c:\program files\Image-Line
2010-05-21 21:35 . 2010-05-21 21:35 -------- d-----w- c:\program files\Outsim
2010-05-21 14:37 . 2008-08-21 20:08 1510 ----a-w- c:\windows\Sketchpad Preferences.dat
2010-05-16 21:14 . 2010-05-16 21:14 -------- d-----w- c:\programdata\2DBoy
2010-05-15 17:05 . 2010-05-15 17:05 9062 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_6FEFF9B68218417F98F549.exe
2010-05-15 17:05 . 2010-05-15 17:05 23558 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_357C06FAD2FC0DA52A6B45.exe
2010-05-15 17:05 . 2010-05-15 17:05 137115 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_ADAB0E427A888143B08FAE.exe
2010-05-15 17:05 . 2010-05-15 17:05 137115 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_5D50E12A3F942D5765FD03.exe
2010-05-15 17:05 . 2010-05-15 17:05 11310 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_8C743AFA18BBC51C7F134B.exe
2010-05-15 17:05 . 2010-05-15 17:05 11310 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_1A3359F6F38FB6AB48EC63.exe
2010-05-15 17:05 . 2010-05-15 17:05 11310 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_081E09237481BE9AB76A14.exe
2010-05-15 03:31 . 2008-08-12 05:13 -------- d-----w- c:\program files\Google
2010-05-11 03:38 . 2010-05-11 03:38 1988608 ----a-w- c:\programdata\YoYoGames\yoyo80.exe
2010-05-11 03:38 . 2010-05-07 22:24 495616 ----a-w- c:\programdata\YoYoGames\d3dx8.dll
2010-05-11 03:38 . 2010-05-07 22:21 -------- d-----w- c:\programdata\YoYoGames
2010-05-11 03:34 . 2010-05-11 03:33 1598272 ----a-w- c:\programdata\YoYoGames\yoyo61.exe
2010-05-07 22:24 . 2010-05-07 22:23 1992000 ----a-w- c:\programdata\YoYoGames\yoyo70.exe
2010-05-05 23:50 . 2010-05-04 07:12 1100 ----a-w- c:\windows\blocks.dat
2010-05-05 11:38 . 2010-05-05 11:38 0 ----a-w- C:\LOG104B.tmp
2010-05-04 07:11 . 2010-05-04 07:11 130 ----a-w- c:\windows\hs2.dat
2010-05-04 07:11 . 2010-05-04 07:11 130 ----a-w- c:\windows\hs1.dat
2010-05-04 05:59 . 2010-06-28 18:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-28 18:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-28 18:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-28 18:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-28 18:14 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 13:55 . 2010-05-25 21:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:10 . 2010-06-28 18:14 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-16 16:05 . 2010-06-28 18:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-16 16:05 . 2010-06-28 18:14 459776 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-28 18:14 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-28 18:14 2153984 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-16 16:05 . 2010-06-28 18:14 541696 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 14:17 . 2010-06-28 18:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-01-23 13:40 . 2010-04-28 03:11 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2010-01-23 13:40 . 2010-04-28 03:11 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 68856]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"331BigDog"="c:\windows\VM331_STI.EXE" [2008-10-29 294912]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-09 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-02-01 88616]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-08-09 167936]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-06-06 3010560]
"NWTRAY"="NWTRAY.EXE" [2009-03-27 30992]
"Vlogin"="c:\batch\xo\vlogin.bat" [2008-06-03 1438]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-24 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-24 145944]
"NotificationManager"="c:\program files\PatchLink\Update Agent\NotificationManager.exe" [2008-04-28 587112]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-28 2065760]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes' Anti-Malware"="d:\my files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
Novell iFolder.lnk - c:\program files\Novell\iFolder\trayapp.exe [2008-8-20 266317]
WinZip Quick Pick.lnk - d:\my files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE [2010-4-5 494920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2007-08-08 458752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2007-01-10 16:52 24576 ----a-w- c:\windows\System32\novell\xtnotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504159495-1915777745-560655815-1000]
"EnableNotificationsRef"=dword:0000000a
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504159495-1915777745-560655815-1005]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504159495-1915777745-560655815-500]
"EnableNotificationsRef"=dword:00000001
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-28 216400]
R1 SASDIFSV;SASDIFSV;d:\my files\Virus Protection\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;d:\my files\Virus Protection\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-14 1172728]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-28 308136]
R2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [2009-10-16 1709416]
R2 FJSPA;FJSPA;c:\program files\Fujitsu\FJSPA\FJSPA.sys [2006-12-08 17712]
R2 gupdate1c9ff3c1c6b3ac5;Google Update Service (gupdate1c9ff3c1c6b3ac5);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]
R2 MBAMService;MBAMService;d:\my files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-03-27 82456]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-03-27 54296]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-08-02 11264]
R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [2007-01-10 61440]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2009-03-27 16656]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 ampa;ampa;c:\windows\system32\ampa.sys [2010-05-25 12728]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-14 475520]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-04-03 16808]
R3 vm331avs;USB2.0 Digital Camera;c:\windows\system32\Drivers\vm331avs.sys [2008-09-23 976896]
R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-04 52872]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-29 8960]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2008-06-19 12712]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2009-03-27 91160]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2009-03-27 110616]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2009-03-27 22552]
S0 NifFltr;NifFltr;
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-28 243024]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]
S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2008-03-03 18944]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-01-21 41560]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2008-03-27 30888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-12 14:55]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:49]
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:49]
2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-504159495-1915777745-560655815-1005Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 03:34]
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-504159495-1915777745-560655815-1005UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 03:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.d-e.org/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppanda3d.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SMARTSNMPAgent.exe - c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
HKLM-Run-PWRISOVM.EXE - d:\poweriso\PWRISOVM.EXE
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-BitTorrent - d:\bittorrent\uninst.exe
AddRemove-CompuApps SwissKnife - d:\my files\useful programs\SWISSKNIFE\SKUninst.ISU
AddRemove-Construct_is1 - d:\scirra\Construct\unins000.exe
AddRemove-Easy Picture2Icon - d:\my files\Useful Programs\EasyPicture2Icon\uninst.exe
AddRemove-FFmpeg for Audacity on Windows_is1 - d:\ffmpeg for audacity\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - d:\free youtube to mp3 converter\unins000.exe
AddRemove-GooTool - d:\my files\Games\WorldOfGoo\uninstall.exe
AddRemove-GSplit3Set - d:\gsplit\Uninst.exe
AddRemove-HTMLKit_is1 - d:\chami\HTML-Kit\unins000.exe
AddRemove-Magic ISO Maker v5.5 (build 0274) - d:\myfile~1\USEFUL~1\MagicISO\UNWISE.EXE
AddRemove-MilkShape 3D 1.8.2 - d:\milkshape 3d 1.8.2\uninstall.exe
AddRemove-Panda3D 1.6.2 - d:\panda3d-1.6.2\uninst.exe
AddRemove-Panda3D Game Engine - d:\panda3d\uninst.exe
AddRemove-Partition Assistant Home Edition_is1 - d:\my files\Useful Programs\Partition Assistant\unins000.exe
AddRemove-PartitionExpert - d:\my files\Useful Programs\PartitionExpert\MediaBuilder.exe
AddRemove-PowerISO - d:\poweriso\uninstall.exe
AddRemove-Scratch - c:\program files\Scratch\uninstall.exe
AddRemove-UltraISO_is1 - d:\my files\Useful Programs\UltraISO\unins000.exe
AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins001.exe
AddRemove-WinRAR archiver - d:\winrar\uninstall.exe
AddRemove-CodeBlocks - c:\program files\CodeBlocks\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-07 23:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\ncv1_0.dll
.
Completion time: 2010-07-07 23:57:15
ComboFix-quarantined-files.txt 2010-07-08 03:57
Pre-Run: 3,978,924,032 bytes free
Post-Run: 4,042,391,552 bytes free
- - End Of File - - 90794934A4AAFCCE5184F453F94A6E90
GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit scan 2010-07-08 00:22:17
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Windows\TEMP\pfrdipod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text bridge.sys 8BC83462 519 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
? C:\Windows\TEMP\catchme.sys The system cannot find the file specified. !
? C:\Windows\TEMP\mbr.sys The system cannot find the file specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74AF88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74B398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74AFB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74AEFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74AF7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74AEEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B2B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74AFBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74AF074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74AF06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74AE71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74B7D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74B17379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74AEE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74AE697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74AE69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74AF2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
ADS C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe:BAK 22528 bytes executable
---- EOF - GMER 1.0.15 ----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:18 AM, on 7/8/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
D:\My Files\Virus Protection\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Vlogin] C:\batch\xo\vlogin.bat
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NotificationManager] C:\Program Files\PatchLink\Update Agent\NotificationManager.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\My Files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ff3c1c6b3ac5) (gupdate1c9ff3c1c6b3ac5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: ZENworks Patch Management Update (PatchLink Update) - Novell, Inc. - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\Windows\System32\Novell\XTAgent.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
--
End of file - 8589 bytes
www.malwarebytes.org
Database version: 4245
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18928
7/8/2010 3:30:11 PM
mbam-log-2010-07-08 (15-30-11).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 379287
Time elapsed: 50 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I am really desperate (considering I basically can't use my computer without safe mode), so I'll try pretty much anything.
--Sorry I'm asking for help again so soon; I really don't have any idea how this happened.
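Two lines in the logs above are the ones worth checking by hand before anything else: ComboFix reports `c:\windows\System32\autochk.exe . . . is infected!!`, and GMER reports an alternate data stream `autochk.exe:BAK` (22528 bytes, executable) on the WinSxS copy of the same file. The script below is an added example and is not part of the original post or of any of the tools whose logs appear here. It assumes Windows Vista with PowerShell 2.0 run from an elevated prompt, and it takes the WinSxS path straight from the GMER line. It hashes and signature-checks both copies of autochk.exe, lists their alternate data streams with `dir /R` (PowerShell 2.0 has no `-Stream` parameter), and asks the component store to verify the live copy with `sfc /verifyfile`. On Vista the System32 file is normally a hard link to the WinSxS file, so the two hashes should match and both should carry a valid Microsoft signature; a mismatch, an invalid signature, or a `:BAK` stream on either copy is the thing to report back.

```powershell
# Added example, not from the original post: hand-check the autochk.exe that
# ComboFix flagged and the :BAK alternate data stream that GMER reported.
# Assumes Vista, PowerShell 2.0, elevated prompt. The WinSxS path is copied
# verbatim from the GMER "Files" section above.

$live = Join-Path $env:SystemRoot 'System32\autochk.exe'
$sxs  = Join-Path $env:SystemRoot 'winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe'

function Get-Sha256Hex([string]$Path) {
    # .NET 2.0 SHA256; Get-FileHash does not exist in PowerShell 2.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

foreach ($f in @($live, $sxs)) {
    Write-Host "== $f"
    if (-not (Test-Path -LiteralPath $f)) { Write-Host '   (missing)'; continue }

    $item = Get-Item -LiteralPath $f
    $sig  = Get-AuthenticodeSignature -FilePath $f
    $who  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    Write-Host ('   size      {0}' -f $item.Length)
    Write-Host ('   sha256    {0}' -f (Get-Sha256Hex $f))
    Write-Host ('   signature {0}  {1}' -f $sig.Status, $who)

    # dir /R (Vista and later) prints every named stream on the file; a legitimate
    # autochk.exe has only the unnamed data stream, so any ":BAK:$DATA" line is a finding.
    Write-Host '   streams:'
    cmd /c "dir /R `"$f`"" | Where-Object { $_ -match ':\$DATA' } | ForEach-Object { "      $_" }
}

# Hashes should agree: on Vista System32\autochk.exe is a hard link to the WinSxS copy.
if ((Test-Path -LiteralPath $live) -and (Test-Path -LiteralPath $sxs)) {
    $same = (Get-Sha256Hex $live) -eq (Get-Sha256Hex $sxs)
    Write-Host ("`nSystem32 copy matches WinSxS copy: {0}" -f $same)
}

# Let the servicing stack compare the live file against the component store.
# "did not find any integrity violations" is the clean result.
sfc /verifyfile=$live
```

Run it from the same safe-mode-with-networking session the logs came from. If `sfc` reports a violation, `sfc /scanfile=C:\Windows\System32\autochk.exe` will restore the file from the store, but only do that after the helper you are working with has seen the output, since the `:BAK` stream on the WinSxS copy is evidence they will want kept until the source of the change is understood.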