
0xc0000005

Discussion in 'Virus & Other Malware Removal' started by louiealissa, Oct 12, 2008.

  1. louiealissa (Thread Starter), joined Oct 12, 2008, 5 messages
    Hi, I'm running XP Service Pack 2. I've been hit by malware and trojans in the past couple of days. When my computer starts, the 0xc0000005 "program failed to initialize" error appears for userinit.exe. I click OK, and then open up Task Manager and run explorer.exe from there. Once I do that, a whole bunch of the 0xc0000005 RUNDLL32.exe application errors occur, the same as the userinit.exe error. After that the system is OK, but I can't access many things such as program removals.

    I got SpyHunter 3 and ran it with the latest definition updates, with which I deleted a lot of registry infections, cookies and a few trojans. Still the ads continue and I don't have full access to my computer.

    Here is the HJT file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:06:40 PM, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
    O4 - HKLM\..\Run: [d44f4894] rundll32.exe "C:\WINDOWS\system32\jnxnlhry.dll",b
    O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E793A.dat
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 7598 bytes

    I tried using ComboFix to get a file for you guys, but the 0xc0000005 error comes up for find.exe and cmd.exe, like 6 times for both.

    Thanks in advance to whoever helps me; I'm in a real spot of bother. Thank you.
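    As an added example, not from this thread or from the HijackThis project: a small Python triage script that parses the O4 and O20 lines of an HJT log like the one above and flags the entries a helper would look at first. The heuristics (a process name one edit away from a Windows system process, an eight-character machine-looking Run name or rundll32 DLL, any AppInit_DLLs value) are my own assumptions, and the sample input is constructed from a few lines of the log above plus benign entries.

```python
"""Triage helper for HijackThis (HJT) O4 / O20 lines.

Added example: the heuristics are mine, not HijackThis rules, and the
sample below is constructed from a few lines of the log in the thread.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HJT log above, plus benign ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
O4 - HKLM\..\Run: [d44f4894] rundll32.exe "C:\WINDOWS\system32\jnxnlhry.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E793A.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Core Windows process names that malware likes to imitate (my own short list).
SYSTEM_PROCESSES = ("csrss", "explorer", "lsass", "services", "smss", "spoolsv",
                    "svchost", "userinit", "winlogon", "rundll32", "ctfmon")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-letter lookalikes such as svshost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(path: str) -> str:
    """Lower-cased file name without directory or extension (Windows separators)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def lookalike(exe: str):
    """Return the system process name a file name imitates (edit distance 1), else None."""
    s = stem(exe)
    if s in SYSTEM_PROCESSES:
        return None
    for sysname in SYSTEM_PROCESSES:
        if edit_distance(s, sysname) == 1:
            return sysname
    return None


def random_looking(name: str) -> bool:
    """Eight alphanumerics that are all hex digits or almost vowel-free."""
    s = name.lower()
    if not re.fullmatch(r"[a-z0-9]{8}", s):
        return False
    if re.fullmatch(r"[0-9a-f]{8}", s):
        return True
    return sum(c in "aeiou" for c in s) <= 1


def first_token(s: str):
    """Split a command line into its first (possibly quoted) token and the rest."""
    s = s.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end], s[end + 1:].strip()
    head, _, tail = s.partition(" ")
    return head, tail.strip()


def rundll32_target(cmd: str):
    """If cmd is a rundll32 invocation, return (dll_path, export), else None."""
    exe, rest = first_token(cmd)
    if stem(exe) != "rundll32":
        return None
    dll, tail = first_token(rest)
    if "," in dll:            # unquoted form: path.dll,Export
        dll, export = dll.split(",", 1)
    else:                     # quoted form: "path.dll",Export
        export = tail.lstrip(",").strip()
    return dll, export


def triage(log_text: str):
    """Scan HJT O4/O20 lines and return the entries worth a closer look, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            exe, _ = first_token(cmd)
            target = lookalike(exe)
            if target:
                findings.append(Finding("lookalike-system-name",
                                        f"{ntpath.basename(exe)} imitates {target}.exe", line))
            if random_looking(name):
                findings.append(Finding("random-run-name",
                                        f"Run value name {name!r} looks machine-generated", line))
            rd = rundll32_target(cmd)
            if rd and random_looking(stem(rd[0])):
                findings.append(Finding("random-rundll32-dll",
                                        f"rundll32 loads {ntpath.basename(rd[0])} (export {rd[1]!r})", line))
            continue
        m = O20_RE.match(line)
        if m and m.group("value").strip():
            value = m.group("value").strip()
            ext = ntpath.splitext(value)[1].lower()
            note = "" if ext == ".dll" else f" (extension {ext!r}, not .dll)"
            findings.append(Finding("appinit-dlls", f"AppInit_DLLs loads {value}{note}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

    On the constructed sample this reports both svshost.exe entries, the d44f4894 rundll32 entry twice (random value name and random DLL name) and the AppInit_DLLs .dat file; everything else in the sample passes.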
     
  2. louiealissa (Thread Starter), joined Oct 12, 2008, 5 messages
    Hey guys, I downloaded and used FixIEDef and this is the log file.

    Created at 16:22:43 on Sunday, October 12, 2008
    Time Zone : (GMT+10:00) Canberra, Melbourne, Sydney
    Logged On User : Louie
    Operating System : Microsoft Windows XP Professional Service Pack 2
    OS Version : 5.1.2600
    System Langauge : English (United States)
    Keyboard Layout : English (United States)
    Processor : X86 Intel Pentium III Xeon processor
    System Drive : C:\
    Windows Directory : C:\WINDOWS
    System Directory : C:\WINDOWS\system32
    System Drive Type : Fixed
    System Drive Status : READY
    System Drive Label :
    System Drive Size : 305.23 GB
    System Drive Free : 94.85 GB
    Total Physical Memory: 2046 MB
    Free Physical Memory : 1526 MB
    Total Page File : 2046 MB
    Free Page File : 3584 MB
    Total Virtual Memory : 2048 MB
    Free Virtual Memory : 1960 MB
    Boot State : Normal boot
    --------------------------------------------------------------------------------
    !!! Files that have been deleted !!!
    C:\WINDOWS\SwSys1.bmp
    C:\WINDOWS\SwSys2.bmp
    C:\WINDOWS\system32\__c00E793A.dat
    C:\WINDOWS\system32\Uninstall.ico
    --------------------------------------------------------------------------------
    !!! Directories that have been removed !!!
    No malicious directories to be removed
    --------------------------------------------------------------------------------
    !!! Registry entries that have been removed !!!
    No malicious Registry entries found
    =======================================================

    After this, I restarted the computer; the userinit.exe and all the rundll32.exe errors (0xc0000005) did not come up and the computer loaded fine. I checked, and I could open program removals. I just want to double-check that I'm in the clear, or is there more to do?
     
  3. louiealissa (Thread Starter), joined Oct 12, 2008, 5 messages
    Problems are all back. I looked, and the files that FixIEDef deleted get re-created over and over. I tried using ComboFix but it won't let me; it comes up with the 0xc0000005 error for cmd.exe and find.exe.

    What do I do? Please help me.
     
  4. louiealissa (Thread Starter), joined Oct 12, 2008, 5 messages
    ComboFix log as follows:

    ComboFix 08-10-11.02 - Louie 2008-10-12 21:22:48.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1574 [GMT 11:00]
    Running from: C:\Documents and Settings\Louie\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Louie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Downloaded Sounds\cookies.mp3
    C:\WINDOWS\IE4 Error Log.txt
    C:\WINDOWS\system32\__c0094AD7.dat
    C:\WINDOWS\system32\bueuabty.ini
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\icyfyjdh.ini
    C:\WINDOWS\system32\khfdEXnK.dll
    C:\WINDOWS\system32\KnXEdfhk.ini
    C:\WINDOWS\system32\KnXEdfhk.ini2
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\qulyheak.ini
    C:\WINDOWS\system32\UpMedia
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\xjcopvgq.ini
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NPF
    -------\Service_NPF

    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .
    2008-10-12 21:33 . 2008-10-12 21:33 104 --a------ C:\WINDOWS\system32\NvApps.xml
    2008-10-12 21:03 . 2008-10-12 21:33 13,588 --a------ C:\WINDOWS\system32\wpa.dbl
    2008-10-12 21:03 . 2008-10-12 21:03 13,588 --a------ C:\WINDOWS\system32\wpa.bak
    2008-10-12 18:33 . 2008-10-12 21:32 64,984 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
    2008-10-12 18:33 . 2008-10-12 21:32 54,320 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
    2008-10-12 18:33 . 2008-10-12 21:32 54,320 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
    2008-10-12 18:33 . 2008-10-12 21:32 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
    2008-10-12 18:33 . 2008-10-12 21:32 1,080 --a------ C:\WINDOWS\system32\settings.sfm
    2008-10-12 17:51 . 2007-05-21 19:07 1,063 --a------ C:\Documents and Settings\Downloaded Applications\Start.bat
    2008-10-12 16:22 . 2008-10-12 21:06 <DIR> d-------- C:\!FixIEDef
    2008-10-12 16:11 . 2007-06-03 11:33 1,266,142 --a------ C:\Documents and Settings\Downloaded Applications\ComboFix.exe
    2008-10-12 15:48 . 2008-10-12 15:48 120 --ahs---- C:\WINDOWS\system32\yrhlnxnj.ini
    2008-10-11 10:44 . 2008-10-11 10:44 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-10-11 10:15 . 2008-10-11 10:15 <DIR> d-------- C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug\Crack
    2008-10-11 10:15 . 2008-10-11 10:16 <DIR> d-------- C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug
    2008-10-11 10:15 . 2008-10-11 10:17 7,623,644 --a------ C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe
    2008-10-11 10:15 . 2008-10-11 10:17 854,256 --a------ C:\Documents and Settings\SpyHunter Security Suite v3.4.9+Crack-HeartBug\def.dat
    2008-10-11 09:59 . 2008-10-11 10:00 9,341,918 --a------ C:\Documents and Settings\Downloaded Applications\SpyHunter-Scanner-Install.exe
    2008-10-11 08:46 . 2008-10-11 08:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-08 21:19 . 2008-10-10 17:39 <DIR> d-------- C:\Documents and Settings\VA - Sunshine Live Vol.27 (2008) - Techno [www.torrentazos.com]
    2008-10-03 16:06 . 2008-10-03 16:09 <DIR> d-------- C:\Documents and Settings\VA - Tunnel Trance Force Vol.46 (2008) - Trance [www.torrentazos.com]
    2008-10-03 16:05 . 2008-10-03 17:51 <DIR> d-------- C:\Documents and Settings\VA_-_Clubfanatix_116_All_Your_Bass_Are_Belong_To_Us-REAL-2008-VANiLLA
    2008-10-02 19:05 . 2008-10-02 19:05 55 -ra------ C:\WINDOWS\amunres.lsl
    2008-10-02 18:32 . 2008-10-02 18:32 <DIR> d-------- C:\Documents and Settings\Louie\Application Data\Symantec
    2008-10-02 18:27 . 2008-10-02 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-02 15:24 . 2008-10-02 15:25 87 --a------ C:\WINDOWS\cdplayer.ini
    2008-09-30 15:50 . 2008-10-01 11:03 <DIR> d-------- C:\Documents and Settings\QuickBooks Pro 2008
    2008-09-23 14:59 . 2008-10-11 08:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-22 11:57 . 2008-09-22 11:57 <DIR> d-------- C:\Documents and Settings\Administrator.LOUIESCOMPUTER.000\Application Data\Apple Computer
    2008-09-14 23:02 . 2008-09-14 23:02 48,396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 10:33 16,608 ----a-w C:\WINDOWS\gdrv.sys
    2008-10-11 15:28 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-10-10 23:18 --------- d-----w C:\Documents and Settings\Louie\Application Data\uTorrent
    2008-10-10 14:14 --------- d-----w C:\Documents and Settings\Louie\Application Data\LimeWire
    2008-10-10 06:40 --------- d-----w C:\Program Files\PKR
    2008-10-02 08:13 --------- d-----w C:\Program Files\Octoshape Streaming Services
    2008-10-02 08:10 --------- d-----w C:\Program Files\Morpheus Ultra
    2008-10-02 08:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-02 08:09 --------- d-----w C:\Program Files\Nokia
    2008-10-02 08:07 --------- d-----w C:\Program Files\InstallShield Installation Information
    2008-10-02 08:07 --------- d-----w C:\Program Files\ANI
    2008-10-02 08:06 --------- d-----w C:\Program Files\InterActual
    2008-09-28 23:46 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-09-23 20:05 --------- d-----w C:\Program Files\SopCast
    2008-08-26 07:52 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-24 07:34 --------- d-----w C:\Program Files\Activision
    2008-08-24 04:28 22,328 ----a-w C:\Documents and Settings\Louie\Application Data\PnkBstrK.sys
    2008-08-24 03:59 --------- d-----w C:\Documents and Settings\Louie\Application Data\Samsung
    2008-08-24 03:58 --------- d-----w C:\Program Files\PartyGaming
    2008-08-23 10:56 --------- d-----w C:\Documents and Settings\Louie\Application Data\GSC
    2008-08-22 05:25 --------- d-----w C:\Documents and Settings\Louie\Application Data\Internode
    2008-08-21 05:10 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-08-21 05:10 --------- d-----w C:\Program Files\NETGEAR
    2008-08-20 19:01 --------- d-----w C:\Program Files\TVUPlayer
    2008-08-20 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-19 09:50 --------- d-----w C:\Program Files\iTunes
    2008-08-19 09:50 --------- d-----w C:\Program Files\iPod
    2008-08-19 09:49 --------- d-----w C:\Program Files\QuickTime
    2008-08-19 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-19 09:48 --------- d-----w C:\Program Files\Common Files\Apple
    2008-08-19 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-17 17:12 --------- d-----w C:\Program Files\Sun
    2008-08-17 17:12 --------- d-----w C:\Program Files\Java
    2008-08-16 10:22 --------- d-----w C:\Program Files\Empire Interactive
    2008-08-12 22:51 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-08-11 05:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-10-03 06:49 7,038,932 ----a-w C:\Documents and Settings\Downloaded Applications\TradeManager2Install.exe
    2007-09-05 08:25 6,921,688 ----a-w C:\Documents and Settings\Downloaded Applications\bsplayer223.953_clip.exe
    2007-08-23 10:38 3,556,320 ----a-w C:\Documents and Settings\Downloaded Applications\LimeWireWin.exe
    2007-08-09 14:07 1,326,034 ----a-w C:\Documents and Settings\Downloaded Applications\3wPlayer-1.5.0.0-setup-0590.exe
    2007-05-16 07:59 55,375,318 ----a-w C:\Documents and Settings\Downloaded Applications\20051005171401734_MediaStudio5_5132.exe
    2007-05-16 07:25 20,895,188 ----a-w C:\Documents and Settings\Downloaded Applications\20050708202825562_SamsungMediaStudio.exe
    2007-04-28 05:47 9,694,168 ----a-w C:\Documents and Settings\Downloaded Applications\vlc-0.8.6b-win32.exe
    2007-02-12 09:41 43,227,620 ----a-w C:\Documents and Settings\Downloaded Applications\20060707113151625_PIMs_file_manager.exe
    2007-02-12 09:29 3,777,502 ----a-w C:\Documents and Settings\Downloaded Applications\20070117110909687_USB_driver_Setup.exe
    2006-10-26 06:58 22,058,458 ----a-w C:\Program Files\pes6.exe
    2006-10-11 05:06 3,056,092 ----a-w C:\Documents and Settings\Downloaded Applications\20060622081032765_USB_driver.exe
    2006-08-02 02:58 3,989,472 ----a-w C:\Documents and Settings\Downloaded Applications\USB_driver.exe
    2006-01-30 09:37 47,420,892 ----a-w C:\Documents and Settings\Downloaded Applications\20060102104255609_PIMS_and_File_Manager.exe
    2006-08-20 11:21 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .
    ----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\Virtual DJ\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
    ----a-w           291,928 2007-01-07 07:14:24  C:\Program Files\Virtual DJ\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
    "InternodeUsage"="C:\PROGRA~1\INTERN~2\mum.exe" [2007-07-06 1197568]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-25 385024]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-06-10 196608]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [N/A]
    "Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 847872]
    "nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
    "CTxfiHlp"="CTXFIHLP.EXE" [2005-10-29 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "CTHelper"="CTHELPER.EXE" [2005-10-29 C:\WINDOWS\CTHELPER.EXE]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-07 C:\WINDOWS\RTHDCPL.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 15360]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2005-10-29 C:\WINDOWS\MIDIDEF.EXE]
    C:\Documents and Settings\Louie\Start Menu\Programs\Startup\
    MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe [2006-08-20 221696]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2008-08-21 1261568]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
    backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MemTurbo.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MemTurbo.lnk
    backup=C:\WINDOWS\pss\MemTurbo.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^Louie^Start Menu^Programs^Startup^MemTurbo.lnk]
    path=C:\Documents and Settings\Louie\Start Menu\Programs\Startup\MemTurbo.lnk
    backup=C:\WINDOWS\pss\MemTurbo.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    m‘|\ü [X]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 21:42 296406 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2005-12-16 13:57 271838 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d44f4894]
    C:\WINDOWS\system32\ytbaueub.dll [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 21:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2005-10-20 15:45 871936 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternodeUsage]
    --a------ 2007-07-06 00:17 1197568 C:\PROGRA~1\INTERN~2\mum.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 11:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 11:50 413696 C:\Program Files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    --a------ 2007-02-23 17:32 126976 C:\Program Files\SAMSUNG\Samsung Media Studio 5\SMSTray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 491484 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
    --------- 2005-10-14 12:01 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
    C:\Program Files\SAMSUNG\Samsung Media Studio\SamsungMediaStudioAgent.exe [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\muzapp.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "9842:TCP"= 9842:TCP:SolidNetworkManager
    "9842:UDP"= 9842:UDP:SolidNetworkManager
    R2 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
    R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-10-29 1095680]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
    S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;D:\BPIKSp50.sys [ ]
    S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [ ]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ]
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{CBC22DF6-2BBB-44D7-B49C-68BCEEEAC98F} - C:\WINDOWS\system32\khfdEXnK.dll

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Louie\Application Data\Mozilla\Firefox\Profiles\i64b6pz2.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 21:34:00
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\CTXFISPI.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-12 21:40:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-12 10:40:17
    Pre-Run: 98,770,026,496 bytes free
    Post-Run: 102,551,265,280 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    281 --- E O F --- 2008-09-10 17:30:32

    HJT log as follows, after I ran ComboFix.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:45 PM, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 7008 bytes


    Please, I really need help. I'm in the process of studying for my exams and can't let this situation go on.
  5. louiealissa

    louiealissa Thread Starter

    Joined:
    Oct 12, 2008
    Messages:
    5
    MBAM log.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1259
    Windows 5.1.2600 Service Pack 2
    10/12/2008 10:59:07 PM
    mbam-log-2008-10-12 (22-59-03).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 127060
    Time elapsed: 42 minute(s), 14 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\Documents and Settings\Louie\Local Settings\Temp\ytc3.tmp (Backdoor.ProRat) -> No action taken.
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Documents and Settings\Louie\Local Settings\Temp\ytc3.tmp (Backdoor.ProRat) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP372\A0918973.dll (Adware.Shopper) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0946634.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951143.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951197.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951200.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951202.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951207.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951208.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951209.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP400\A0951210.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP401\A0951306.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP401\A0951307.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5665526E-9A63-412A-AE82-54F81B2BC021}\RP401\A0951308.dll (Trojan.Vundo) -> No action taken.