
0xc0000005

5K views 4 replies 1 participant last post by  louiealissa 
#1 ·
Hi, I'm running XP Service Pack 2. I've been hit by malware and trojans in the past couple of days. When my computer starts, the 0xc0000005 "program failed to initialize" error appears for userinit.exe. I click OK, then open up Task Manager and run explorer.exe from there. Once I do that, a whole bunch of 0xc0000005 RUNDLL32.exe application errors occur, the same as the userinit.exe error. After that the system is OK, but I can't access many things such as program removals.

I got SpyHunter 3 and ran it with the latest definition updates, with which I deleted a lot of registry infections, cookies and a few trojans. Still the ads continue and I don't have full access to my computer.

Here is the HJT file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:40 PM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKLM\..\Run: [d44f4894] rundll32.exe "C:\WINDOWS\system32\jnxnlhry.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E793A.dat
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7598 bytes

I tried using ComboFix to get a file for you guys, but the 0xc0000005 error comes up for find.exe and cmd.exe, like 6 times for both.

Thanks in advance to whoever helps me; I'm in a real spot of bother. Thank you.
#2 ·
Hey guys, I downloaded and used FixIEDef and this is the log file.

Created at 16:22:43 on Sunday, October 12, 2008
Time Zone : (GMT+10:00) Canberra, Melbourne, Sydney
Logged On User : Louie
Operating System : Microsoft Windows XP Professional Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel Pentium III Xeon processor
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 305.23 GB
System Drive Free : 94.85 GB
Total Physical Memory: 2046 MB
Free Physical Memory : 1526 MB
Total Page File : 2046 MB
Free Page File : 3584 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1960 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\system32\__c00E793A.dat
C:\WINDOWS\system32\Uninstall.ico
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
=======================================================

After this I restarted the computer; the userinit.exe and all the rundll32.exe errors (0xc0000005) did not come up and the computer loaded fine. I checked, and I could open program removals. I just want to double-check that I'm in the clear, or whether there is more to do.
 
#4 ·
ComboFix log as follows:

ComboFix 08-10-11.02 - Louie 2008-10-12 21:22:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1574 [GMT 11:00]
Running from: C:\Documents and Settings\Louie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Louie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Downloaded Sounds\cookies.mp3
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\__c0094AD7.dat
C:\WINDOWS\system32\bueuabty.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\icyfyjdh.ini
C:\WINDOWS\system32\khfdEXnK.dll
C:\WINDOWS\system32\KnXEdfhk.ini
C:\WINDOWS\system32\KnXEdfhk.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\qulyheak.ini
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xjcopvgq.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 21:33 . 2008-10-12 21:33 104 --a------ C:\WINDOWS\system32\NvApps.xml
2008-10-12 21:03 . 2008-10-12 21:33 13,588 --a------ C:\WINDOWS\system32\wpa.dbl
2008-10-12 21:03 . 2008-10-12 21:03 13,588 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-12 18:33 . 2008-10-12 21:32 64,984 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
2008-10-12 18:33 . 2008-10-12 21:32 54,320 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
2008-10-12 18:33 . 2008-10-12 21:32 54,320 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
2008-10-12 18:33 . 2008-10-12 21:32 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-10-12 18:33 . 2008-10-12 21:32 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-10-12 17:51 . 2007-05-21 19:07 1,063 --a------ C:\Documents and Settings\Downloaded Applications\Start.bat
2008-10-12 16:22 . 2008-10-12 21:06 d-------- C:\!FixIEDef
2008-10-12 16:11 . 2007-06-03 11:33 1,266,142 --a------ C:\Documents and Settings\Downloaded Applications\ComboFix.exe
2008-10-12 15:48 . 2008-10-12 15:48 120 --ahs---- C:\WINDOWS\system32\yrhlnxnj.ini
2008-10-11 10:44 . 2008-10-11 10:44 d-------- C:\Program Files\Enigma Software Group
2008-10-11 10:15 . 2008-10-11 10:15 d-------- C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug\Crack
2008-10-11 10:15 . 2008-10-11 10:16 d-------- C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug
2008-10-11 10:15 . 2008-10-11 10:17 7,623,644 --a------ C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe
2008-10-11 10:15 . 2008-10-11 10:17 854,256 --a------ C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug\def.dat
2008-10-11 09:59 . 2008-10-11 10:00 9,341,918 --a------ C:\Documents and Settings\Downloaded Applications\SpyHunter-Scanner-Install.exe
2008-10-11 08:46 . 2008-10-11 08:46 d-------- C:\Program Files\Trend Micro
2008-10-08 21:19 . 2008-10-10 17:39 d-------- C:\Documents and Settings\VA - Sunshine Live Vol.27 (2008) - Techno [www.torrentazos.com]
2008-10-03 16:06 . 2008-10-03 16:09 d-------- C:\Documents and Settings\VA - Tunnel Trance Force Vol.46 (2008) - Trance [www.torrentazos.com]
2008-10-03 16:05 . 2008-10-03 17:51 d-------- C:\Documents and Settings\VA_-_Clubfanatix_116_All_Your_Bass_Are_Belong_To_Us-REAL-2008-VANiLLA
2008-10-02 19:05 . 2008-10-02 19:05 55 -ra------ C:\WINDOWS\amunres.lsl
2008-10-02 18:32 . 2008-10-02 18:32 d-------- C:\Documents and Settings\Louie\Application Data\Symantec
2008-10-02 18:27 . 2008-10-02 19:04 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-02 15:24 . 2008-10-02 15:25 87 --a------ C:\WINDOWS\cdplayer.ini
2008-09-30 15:50 . 2008-10-01 11:03 d-------- C:\Documents and Settings\QuickBooks Pro 2008
2008-09-23 14:59 . 2008-10-11 08:17 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-22 11:57 . 2008-09-22 11:57 d-------- C:\Documents and Settings\Administrator.LOUIESCOMPUTER.000\Application Data\Apple Computer
2008-09-14 23:02 . 2008-09-14 23:02 48,396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 10:33 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-10-11 15:28 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-10-10 23:18 --------- d-----w C:\Documents and Settings\Louie\Application Data\uTorrent
2008-10-10 14:14 --------- d-----w C:\Documents and Settings\Louie\Application Data\LimeWire
2008-10-10 06:40 --------- d-----w C:\Program Files\PKR
2008-10-02 08:13 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-10-02 08:10 --------- d-----w C:\Program Files\Morpheus Ultra
2008-10-02 08:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-02 08:09 --------- d-----w C:\Program Files\Nokia
2008-10-02 08:07 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-10-02 08:07 --------- d-----w C:\Program Files\ANI
2008-10-02 08:06 --------- d-----w C:\Program Files\InterActual
2008-09-28 23:46 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-23 20:05 --------- d-----w C:\Program Files\SopCast
2008-08-26 07:52 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 07:34 --------- d-----w C:\Program Files\Activision
2008-08-24 04:28 22,328 ----a-w C:\Documents and Settings\Louie\Application Data\PnkBstrK.sys
2008-08-24 03:59 --------- d-----w C:\Documents and Settings\Louie\Application Data\Samsung
2008-08-24 03:58 --------- d-----w C:\Program Files\PartyGaming
2008-08-23 10:56 --------- d-----w C:\Documents and Settings\Louie\Application Data\GSC
2008-08-22 05:25 --------- d-----w C:\Documents and Settings\Louie\Application Data\Internode
2008-08-21 05:10 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-21 05:10 --------- d-----w C:\Program Files\NETGEAR
2008-08-20 19:01 --------- d-----w C:\Program Files\TVUPlayer
2008-08-20 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-19 09:50 --------- d-----w C:\Program Files\iTunes
2008-08-19 09:50 --------- d-----w C:\Program Files\iPod
2008-08-19 09:49 --------- d-----w C:\Program Files\QuickTime
2008-08-19 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-19 09:48 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-19 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-17 17:12 --------- d-----w C:\Program Files\Sun
2008-08-17 17:12 --------- d-----w C:\Program Files\Java
2008-08-16 10:22 --------- d-----w C:\Program Files\Empire Interactive
2008-08-12 22:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-11 05:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-03 06:49 7,038,932 ----a-w C:\Documents and Settings\Downloaded Applications\TradeManager2Install.exe
2007-09-05 08:25 6,921,688 ----a-w C:\Documents and Settings\Downloaded Applications\bsplayer223.953_clip.exe
2007-08-23 10:38 3,556,320 ----a-w C:\Documents and Settings\Downloaded Applications\LimeWireWin.exe
2007-08-09 14:07 1,326,034 ----a-w C:\Documents and Settings\Downloaded Applications\3wPlayer-1.5.0.0-setup-0590.exe
2007-05-16 07:59 55,375,318 ----a-w C:\Documents and Settings\Downloaded Applications\20051005171401734_MediaStudio5_5132.exe
2007-05-16 07:25 20,895,188 ----a-w C:\Documents and Settings\Downloaded Applications\20050708202825562_SamsungMediaStudio.exe
2007-04-28 05:47 9,694,168 ----a-w C:\Documents and Settings\Downloaded Applications\vlc-0.8.6b-win32.exe
2007-02-12 09:41 43,227,620 ----a-w C:\Documents and Settings\Downloaded Applications\20060707113151625_PIMs_file_manager.exe
2007-02-12 09:29 3,777,502 ----a-w C:\Documents and Settings\Downloaded Applications\20070117110909687_USB_driver_Setup.exe
2006-10-26 06:58 22,058,458 ----a-w C:\Program Files\pes6.exe
2006-10-11 05:06 3,056,092 ----a-w C:\Documents and Settings\Downloaded Applications\20060622081032765_USB_driver.exe
2006-08-02 02:58 3,989,472 ----a-w C:\Documents and Settings\Downloaded Applications\USB_driver.exe
2006-01-30 09:37 47,420,892 ----a-w C:\Documents and Settings\Downloaded Applications\20060102104255609_PIMS_and_File_Manager.exe
2006-08-20 11:21 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\Virtual DJ\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Program Files\Virtual DJ\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
"InternodeUsage"="C:\PROGRA~1\INTERN~2\mum.exe" [2007-07-06 1197568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-25 385024]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-06-10 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [N/A]
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 847872]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-10-29 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2005-10-29 C:\WINDOWS\CTHELPER.EXE]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-10-29 C:\WINDOWS\MIDIDEF.EXE]
C:\Documents and Settings\Louie\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe [2006-08-20 221696]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2008-08-21 1261568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MemTurbo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MemTurbo.lnk
backup=C:\WINDOWS\pss\MemTurbo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Louie^Start Menu^Programs^Startup^MemTurbo.lnk]
path=C:\Documents and Settings\Louie\Start Menu\Programs\Startup\MemTurbo.lnk
backup=C:\WINDOWS\pss\MemTurbo.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 21:42 296406 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-12-16 13:57 271838 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d44f4894]
C:\WINDOWS\system32\ytbaueub.dll [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 21:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-10-20 15:45 871936 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternodeUsage]
--a------ 2007-07-06 00:17 1197568 C:\PROGRA~1\INTERN~2\mum.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 11:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 11:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 17:32 126976 C:\Program Files\SAMSUNG\Samsung Media Studio 5\SMSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 491484 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--------- 2005-10-14 12:01 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
C:\Program Files\SAMSUNG\Samsung Media Studio\SamsungMediaStudioAgent.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9842:TCP"= 9842:TCP:SolidNetworkManager
"9842:UDP"= 9842:UDP:SolidNetworkManager
R2 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-10-29 1095680]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;D:\BPIKSp50.sys [ ]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
BHO-{CBC22DF6-2BBB-44D7-B49C-68BCEEEAC98F} - C:\WINDOWS\system32\khfdEXnK.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Louie\Application Data\Mozilla\Firefox\Profiles\i64b6pz2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 21:34:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
.
**************************************************************************
.
Completion time: 2008-10-12 21:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 10:40:17
Pre-Run: 98,770,026,496 bytes free
Post-Run: 102,551,265,280 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
281 --- E O F --- 2008-09-10 17:30:32

HJT log as follows, after I ran ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:45 PM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7008 bytes

Please, I really need help. I'm in the process of studying for my exams and can't let this situation go on.
 
#5 ·
MBAM log.

Malwarebytes' Anti-Malware 1.28
Database version: 1259
Windows 5.1.2600 Service Pack 2
10/12/2008 10:59:07 PM
mbam-log-2008-10-12 (22-59-03).txt
Scan type: Full Scan (C:\|)
Objects scanned: 127060
Time elapsed: 42 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Documents and Settings\Louie\Local Settings\Temp\ytc3.tmp (Backdoor.ProRat) -> No action taken.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Louie\Local Settings\Temp\ytc3.tmp (Backdoor.ProRat) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP372\A0918973.dll (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0946634.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951143.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951197.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951200.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951202.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951207.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951208.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951209.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951210.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP401\A0951306.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP401\A0951307.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP401\A0951308.dll (Trojan.Vundo) -> No action taken.
 