
Pop-ups and Audio Ads Virus

December 21, 2009 at 07:26:17
Specs: Windows XP

I saw a post here that talked about the same virus I am experiencing, but there wasn't a specific fix posted.

I was trying to help a friend find a file through shareware and we both downloaded a file that placed this virus on our computers. We get pop-up screens when internet is not running and audio advertisements that randomly play every few minutes.

I've run adaware, deleted the file that we downloaded and ran a disk cleanup, but whatever it is has installed and isn't coming off with the software I've used thus far.




#1
December 21, 2009 at 07:31:21

We will need to run some scans to help find the baddies.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Download RootRepeal from one of the links on the rootrepeal download page. It can be downloaded as a .rar or .zip file, whichever you like. If you get a bandwidth problem notice just try another link.


RootRepeal

Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop.
Disable your antivirus, antispyware, and firewalls before continuing or they may block RootRepeal from running properly.
Now run the RootRepeal.exe program by double clicking on it.
On the bottom click the Files tab and then click the Scan button.
A Select Drives form will open. Select all of your drives by checking the boxes and then click OK.
It will start scanning. It may take a while to finish depending on how many drives, files and folders you have, so be patient and wait on it.
When it finishes click "save report" and save it at an easy place to locate such as your desktop. Save it as Rrlog.txt.
Please post the log that was produced to the forum.



#2
December 21, 2009 at 07:50:40

info.txt logfile of random's system information tool 1.06 2009-12-21 09:52:42

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
1Click DVD Copy 5.8.4.0-->"C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
AVG Anti-Virus 7.1-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Creative Driver-->C:\WINNT\system32\ctdrvins /s /u /g
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox Driver\DrvUnins.exe /s
Creative NOMAD II Driver-->C:\Program Files\Creative\NOMAD2 Driver\DrvUnins.exe /s
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINNT\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9
DivX Codec-->C:\WINNT\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
Do More-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Gateway\Do More\Uninst.isu"
DVD43 v4.4.1-->"C:\Program Files\dvd43\unins000.exe"
Dynex Wireless G Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0FD97B19-0764-4BF8-B500-88AAF0F6DED4}\Setup.exe" -l0x9
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EAX Unified-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EPSON Printer Software-->C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ezLife browser enhancer-->"C:\Program Files\ezLife\ezLife\1.1.2.0\uninstall.exe"
Gateway Drivers and Applications Recovery-->C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Rhapsody-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTW V.92 Voicemodem-->C:\WINNT\GWMDMU.exe verbose
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998)-->"C:\WINNT\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINNT\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINNT\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINNT\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lame ACM MP3 Codec-->"C:\WINNT\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU24.inf
Launchpad Enhanced-->MsiExec.exe /I{BAA11826-70EF-4E44-9E97-8476793E022F}
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\swflash.inf,DefaultUninstall,5
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework (English) v1.0.3705-->C:\WINNT\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINNT\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2003-->MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe d:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{10C69612-017B-45F5-B986-7D113D5A2EA3}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MyFreeCodec-->C:\Program Files\MyFree Codec\09a beta\uninstall.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers-->C:\WINNT\system32\nvudisp.exe UninstallGUI
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PowerCinema NE for Everio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
pressplay-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47D684C4-817D-11D5-818F-009027864C7F}\Setup.exe" -l0x9 ppc
PS/2 Millennium Keyboard-->SKUninst.exe SK_PS2MillenniumKeyboard
QuickTime-->C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RON Too1 Gooochi-->C:\WINNT\system32\gnvqdqplqts.exe
Samsung MDC System-->"C:\WINNT\IFinst27.exe" -UC:\Program Files\Samsung\MDC System\IFU1D7.inf
Samsung Media Studio-->C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINNT\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINNT\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINNT\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINNT\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINNT\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINNT\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINNT\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINNT\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINNT\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINNT\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINNT\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINNT\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINNT\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINNT\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINNT\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINNT\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINNT\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINNT\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINNT\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINNT\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINNT\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINNT\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINNT\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINNT\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINNT\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINNT\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINNT\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINNT\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINNT\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINNT\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINNT\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINNT\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINNT\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINNT\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINNT\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINNT\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINNT\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINNT\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINNT\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINNT\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINNT\$NtUninstallKB976325$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log
SmartAds browser enhancer-->"C:\Program Files\Smart-Ads-Solutions\SmartAds\1.0.27.0\uninstall.exe"
Sonic Foundry ACID 4.0-->MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Star Wars Empire at War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Ulead GIF Animator 5 ESD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ultr@VNC Release 1.0.0 RC 18 - Win32-->"C:\Program Files\UltraVNC\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINNT\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINNT\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINNT\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINNT\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINNT\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINNT\$NtUninstallKB976749$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Security center information======

AV: AVG 7.5.447 (outdated)

======System event log======

Computer Name: ORMSBY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 60166
Source Name: Cdrom
Time Written: 20090519153733.000000-300
Event Type: warning
User:

Computer Name: ORMSBY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 60165
Source Name: Cdrom
Time Written: 20090519153733.000000-300
Event Type: warning
User:

Computer Name: ORMSBY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 60164
Source Name: Cdrom
Time Written: 20090519153733.000000-300
Event Type: warning
User:

Computer Name: ORMSBY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 60163
Source Name: Cdrom
Time Written: 20090519153733.000000-300
Event Type: warning
User:

Computer Name: ORMSBY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 60162
Source Name: Cdrom
Time Written: 20090519153733.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: ORMSBY
Event Code: 1517
Message: Windows saved user ORMSBY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40
Source Name: Userenv
Time Written: 20080224200154.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ORMSBY
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 39
Source Name: Userenv
Time Written: 20080224200151.000000-360
Event Type: warning
User: ORMSBY\Owner

Computer Name: ORMSBY
Event Code: 1000
Message: Faulting application demo32.exe, version 8.0.100.1040, faulting module quicktime.qts, version 5.0.2.15, fault address 0x0007dcee.

Record Number: 38
Source Name: Application Error
Time Written: 20080224125124.000000-360
Event Type: error
User:

Computer Name: ORMSBY
Event Code: 1517
Message: Windows saved user ORMSBY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 30
Source Name: Userenv
Time Written: 20080224021716.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ORMSBY
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 29
Source Name: Userenv
Time Written: 20080224021713.000000-360
Event Type: warning
User: ORMSBY\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\WINNT\Microsoft.NET\Framework\v2.0.50727
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO



#3
December 21, 2009 at 07:51:17

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-12-21 09:52:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (46%) free of 78 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:36 AM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\regsvr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/
O2 - BHO: ezLife browser enhancer jzgjcotz - {0A08B9BC-3315-4599-9927-C90FB6ECE5E9} - C:\WINNT\system32\jzgjcotz.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: SmartAds browser enhancer wfxdkndj - {A1D4DB89-2377-498A-9EDE-314F1CC1AB40} - C:\WINNT\system32\wfxdkndj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: gooochi browser enhancer - {D5689697-A805-F3D8-5006-D58CB412F201} - C:\WINNT\system32\pgalmdzbovdze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Amazing3DAquariumWallpaper] C:\Program Files\Anemone's Reef - Animated 3D Wallpaper\wallpaper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nugxfiwsvxdvqbpg] C:\WINNT\System32\regsvr32.exe /s "C:\WINNT\system32\pgalmdzbovdze.dll"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars...
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://swgbetareg.station.sony.com/...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Dynex DX-WGDTC Service (Dynex DX-WGDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8722 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A08B9BC-3315-4599-9927-C90FB6ECE5E9}]
adShotHlpr Object - C:\WINNT\system32\jzgjcotz.dll [2009-11-16 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]
MessengerUpdate Class - C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\MsgUpdate.dll [2009-07-27 330752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1D4DB89-2377-498A-9EDE-314F1CC1AB40}]
adHlpr Object - C:\WINNT\system32\wfxdkndj.dll [2009-05-31 325120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-07 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-07 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5689697-A805-F3D8-5006-D58CB412F201}]
gooochi browser enhancer - C:\WINNT\system32\pgalmdzbovdze.dll [2009-12-13 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-07 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"=C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2002-08-06 90112]
"Keyboard Preload Check"=C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:Keyboard Preload Check []
"GWMDMpi"=C:\WINNT\GWMDMpi.exe [2002-08-06 53248]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2009-06-29 827904]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"POINTER"=point32.exe []
"EPSON Stylus C88 Series"=C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [2005-01-27 98304]
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2006-10-22 86016]
"CTHelper"=C:\WINNT\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINNT\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe [2001-10-04 28672]
"EverioService"=C:\Program Files\CyberLink\PCM4Everio\EverioService.exe [2007-11-01 151552]
"Amazing3DAquariumWallpaper"=C:\Program Files\Anemone's Reef - Animated 3D Wallpaper\wallpaper.exe []
"EleFunAnimatedWallpaper"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"nugxfiwsvxdvqbpg"=C:\WINNT\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDXGhost"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]
"EleFunAnimatedWallpaper"= []
"IgfxSys"=C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll [2009-07-27 186368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-01-22 411648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-11-07 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2003-07-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Date Manager.lnk - C:\Program Files\Date Manager\DateManager.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\WINNT\system32\muzapp.exe"="C:\WINNT\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Brian_dsk#P]
shell\AutoRun\command - P:\RunGame.exe


======List of files/folders created in the last 1 months======

2009-12-21 09:52:22 ----D---- C:\Program Files\trend micro
2009-12-21 09:52:21 ----D---- C:\rsit
2009-12-21 00:41:55 ----D---- C:\Documents and Settings\Owner\Application Data\Smart-Ads-Solutions
2009-12-21 00:41:55 ----D---- C:\Documents and Settings\Owner\Application Data\ezLife
2009-12-21 00:41:49 ----A---- C:\WINNT\system32\gnvqdqplqts.exe
2009-12-21 00:41:44 ----D---- C:\Program Files\ezLife
2009-12-21 00:41:44 ----D---- C:\Documents and Settings\Owner\Application Data\Messenger
2009-12-21 00:41:43 ----D---- C:\Program Files\Smart-Ads-Solutions
2009-12-20 23:40:40 ----D---- C:\Documents and Settings\Owner\Application Data\TS3Client
2009-12-20 23:22:20 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-09 07:04:32 ----HDC---- C:\WINNT\$NtUninstallKB970430$
2009-12-09 07:04:25 ----HDC---- C:\WINNT\$NtUninstallKB974318$
2009-12-09 07:03:36 ----HDC---- C:\WINNT\$NtUninstallKB976325$
2009-12-09 07:03:27 ----HDC---- C:\WINNT\$NtUninstallKB973904$
2009-12-09 07:03:20 ----HDC---- C:\WINNT\$NtUninstallKB974392$
2009-12-09 07:03:10 ----HDC---- C:\WINNT\$NtUninstallKB971737$
2009-11-25 07:01:30 ----HDC---- C:\WINNT\$NtUninstallKB976098-v2$
2009-11-25 07:01:23 ----HDC---- C:\WINNT\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-21 09:52:28 ----D---- C:\WINNT\Prefetch
2009-12-21 09:52:22 ----AD---- C:\Program Files
2009-12-21 09:50:20 ----D---- C:\Program Files\Mozilla Firefox
2009-12-21 03:03:01 ----AD---- C:\WINNT\system32
2009-12-21 01:45:02 ----D---- C:\WINNT\Temp
2009-12-21 01:27:14 ----AD---- C:\WINNT
2009-12-21 01:07:57 ----RSHD---- C:\WINNT\system32\dllcache
2009-12-21 01:06:11 ----D---- C:\WINNT\system32\CatRoot2
2009-12-21 00:52:11 ----A---- C:\WINNT\{00000002-00000000-00000001-00001102-00000004-00581102}.BAK
2009-12-21 00:50:41 ----A---- C:\WINNT\SchedLgU.Txt
2009-12-21 00:44:30 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-12-20 23:22:37 ----SHD---- C:\WINNT\Installer
2009-12-20 23:22:36 ----D---- C:\WINNT\WinSxS
2009-12-14 14:01:45 ----AC---- C:\WINNT\system32\PerfStringBackup.INI
2009-12-13 13:38:16 ----D---- C:\WINNT\Help
2009-12-13 13:28:48 ----HD---- C:\WINNT\inf
2009-12-13 08:21:52 ----A---- C:\WINNT\system32\pgalmdzbovdze.dll
2009-12-10 17:13:02 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2009-12-09 14:42:34 ----D---- C:\Documents and Settings\Owner\Application Data\Vso
2009-12-09 07:04:35 ----D---- C:\WINNT\system32\drivers
2009-12-09 07:04:29 ----A---- C:\WINNT\imsins.BAK
2009-12-09 07:03:26 ----HD---- C:\WINNT\$hf_mig$
2009-12-07 18:17:59 ----D---- C:\Program Files\LimeWire
2009-12-01 14:06:19 ----A---- C:\WINNT\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINNT\System32\Drivers\avg7core.sys [2008-02-23 775680]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINNT\System32\Drivers\avg7rsw.sys [2005-11-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINNT\System32\Drivers\avg7rsxp.sys [2008-02-23 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINNT\system32\drivers\avgclean.sys [2007-11-09 3968]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-12 6208]
R1 SSHDRV65;SSHDRV65; \??\C:\WINNT\System32\drivers\SSHDRV65.sys []
R1 SSHDRV77;SSHDRV77; \??\C:\WINNT\System32\drivers\SSHDRV77.sys []
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2003-01-13 8552]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINNT\system32\DRIVERS\mdc8021x.sys [2004-05-26 15781]
R2 PfModNT;PfModNT; \??\C:\WINNT\system32\PfModNT.sys []
R2 RioPNP;RioPNP; C:\WINNT\system32\drivers\RioPNP.sys [2000-06-06 6736]
R3 AR5211;Dynex Wireless G Adapter Service; C:\WINNT\system32\DRIVERS\ar5211.sys [2004-07-12 395616]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 dvd43llh;dvd43llh; C:\WINNT\System32\DRIVERS\dvd43llh.sys [2009-07-06 18816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2002-07-19 156604]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINNT\system32\GTNDIS5.SYS []
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINNT\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 Pcouffin;VSO Software pcouffin; C:\WINNT\System32\Drivers\Pcouffin.sys [2009-01-11 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 XMNEHNQD;XMNEHNQD; \??\C:\WINNT\system32\xmnehnqd.gpw []
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINNT\system32\COMMONFX.DLL [2002-07-19 110592]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINNT\system32\CT20XUT.DLL []
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINNT\system32\CTAUDFX.DLL []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINNT\system32\CTEAPSFX.DLL []
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINNT\system32\CTEDSPFX.DLL []
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINNT\system32\CTEDSPIO.DLL []
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINNT\system32\CTEDSPSY.DLL []
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINNT\system32\CTERFXFX.DLL []
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINNT\system32\CTEXFIFX.DLL []
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINNT\system32\CTHWIUT.DLL []
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINNT\system32\CTSBLFX.DLL [2002-07-19 643072]
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINNT\System32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 GTWModem;GTW V.92 Voicemodem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2002-08-06 1107680]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINNT\system32\drivers\hap17v2k.sys []
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINNT\System32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCD65X2;PCD65X2; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\PCD65X2.sys []
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PcdrNt;PcdrNt; C:\WINNT\System32\drivers\PcdrNt.sys [2002-12-04 44192]
S3 Pfc;Padus ASPI Shell; \??\C:\WINNT\System32\drivers\pfc.sys []
S3 pnicml;pnicml; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys []
S3 rrdpcdd;rrdpcdd; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\rrdpcdd.sys []
S3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-02-23 353792]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-11-09 49664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINNT\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Dynex DX-WGDTC WLService;Dynex DX-WGDTC Service; C:\Program Files\Dynex Wireless G Adapter\WLService.exe [2004-03-29 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2006-10-22 159810]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2002-08-18 57388]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]
S2 NMSSvc;Intel(R) NMS; C:\WINNT\System32\NMSSvc.exe [2002-05-03 1118208]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#4
December 21, 2009 at 08:44:49

Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Next go to Start > Control Panel > Add/Remove Programs and uninstall these programs:


ezLife browser enhancer
SmartAds browser enhancer
Viewpoint Media Player


Remember... your AVG antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.
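As an added triage illustration (not part of this thread, and not code from HijackThis or ComboFix), the following Python applies three defender-side checks to O2/O4 lines copied from the log in #3: random-looking names, modules living under the user's profile, and DLLs loaded at logon through regsvr32/rundll32. It flags the same entries the reply above singles out; the thresholds are my own assumptions and will produce false positives on unusual but legitimate software.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Lines copied from the HijackThis scan posted in #3 (a subset, enough to
# exercise each check, plus two known-good entries as controls).
SAMPLE_LOG = r"""
O2 - BHO: ezLife browser enhancer jzgjcotz - {0A08B9BC-3315-4599-9927-C90FB6ECE5E9} - C:\WINNT\system32\jzgjcotz.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: gooochi browser enhancer - {D5689697-A805-F3D8-5006-D58CB412F201} - C:\WINNT\system32\pgalmdzbovdze.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nugxfiwsvxdvqbpg] C:\WINNT\System32\regsvr32.exe /s "C:\WINNT\system32\pgalmdzbovdze.dll"
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
"""

# O2 = browser helper object, O4 = autorun value (HijackThis line shapes).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted paths may contain spaces; an unquoted path is cut at its last space
# (a known limitation of this simple tokenizer).
FILE_RE = re.compile(r'"([^"]+?\.(?:dll|exe))"|(\S+?\.(?:dll|exe))', re.I)
USER_PROFILE = re.compile(r"\\(Documents and Settings|Application Data|Local Settings)\\", re.I)
LOADER_RE = re.compile(r"\b(regsvr32|rundll32)\b", re.I)
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Heuristic (assumed thresholds): long, all-lowercase, vowel-poor tokens
    such as jzgjcotz or pgalmdzbovdze.  Short or mixed-case names (jusched,
    IgfxSys) are deliberately not judged on spelling alone."""
    if len(token) < 8 or not token.isalpha() or not token.islower():
        return False
    run = longest = 0
    for ch in token:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def assess(name: str, paths: list, loader: Optional[str]) -> list:
    """Return the reasons an entry deserves a closer look (empty = clean)."""
    reasons = []
    tokens = [name.split()[-1] if name.split() else ""]
    tokens += [PureWindowsPath(p).stem for p in paths]
    if any(looks_random(t) for t in tokens):
        reasons.append("random-looking name")
    if any(USER_PROFILE.search(p) for p in paths):
        reasons.append("module stored under the user profile")
    # regsvr32/rundll32 are legitimate on their own (NvCplDaemon uses one), so
    # the loader only counts when another indicator is already present.
    if loader and reasons:
        reasons.append(f"DLL loaded at logon via {loader}")
    return reasons


def triage(log_text: str) -> list:
    """Parse O2/O4 lines and return the entries that trip at least one check."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            kind, name = "O2", m["name"]
            paths, loader = [m["path"].strip()], None
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            kind, name = "O4", m["name"]
            paths = [a or b for a, b in FILE_RE.findall(m["cmd"])]
            lm = LOADER_RE.search(m["cmd"])
            loader = lm.group(1).lower() if lm else None
        reasons = assess(name, paths, loader)
        if reasons:
            findings.append({"kind": kind, "name": name,
                             "paths": paths, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}]: {', '.join(f['reasons'])}")
```

On the sample above the script reports the two "browser enhancer" BHOs, the MessengerUpdate/IgfxSys pair under Application Data and the regsvr32 autorun, and stays silent on the Google Toolbar, NVIDIA and Java entries.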



#5
December 21, 2009 at 10:37:17

ComboFix 09-12-20.08 - Owner 12/21/2009 12:27:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.609 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\Messenger
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\go29.exe
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst84.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil84.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\pinkip.ico
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\smartasf27.exe
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\zbc20.exe
c:\documents and settings\Owner\Application Data\Messenger\Drivers\conf.sys
c:\documents and settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\MsgUpdate.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\phuninst.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\pub.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\serial.sys
c:\documents and settings\Owner\Application Data\Messenger\Sys\mu.dll
c:\program files\Smart-Ads-Solutions
c:\program files\Smart-Ads-Solutions\SmartAds\1.1.2.0\uninstall.exe
c:\recycler\NPROTECT
c:\winnt\box boat blue.ico
c:\winnt\patch.exe
c:\winnt\Readme.txt
c:\winnt\system32\au3305adc.dll
c:\winnt\system32\muzapp.exe
c:\winnt\system32\SIntf16.dll
c:\winnt\system32\SrchSTS.exe
c:\winnt\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 15:52 . 2009-12-21 15:52 -------- d-----w- c:\program files\trend micro
2009-12-21 15:52 . 2009-12-21 15:52 -------- d-----w- C:\rsit
2009-12-21 06:41 . 2009-12-21 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Smart-Ads-Solutions
2009-12-21 06:41 . 2009-12-21 18:06 -------- d-----w- c:\documents and settings\Owner\Application Data\ezLife
2009-12-21 06:41 . 2009-12-21 18:07 48285 ----a-w- c:\winnt\system32\gnvqdqplqts.exe
2009-12-21 06:41 . 2009-12-21 06:41 -------- d-----w- c:\program files\ezLife
2009-12-21 05:40 . 2009-12-21 05:41 -------- d-----w- c:\documents and settings\Owner\Application Data\TS3Client
2009-12-21 05:22 . 2009-12-21 05:22 -------- d-----w- c:\program files\TeamSpeak 3 Client
2009-11-27 16:23 . 2009-11-19 17:48 872960 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-27 16:23 . 2009-11-19 17:48 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-27 16:23 . 2009-11-19 17:48 340480 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-27 16:23 . 2009-11-19 17:48 346624 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 18:18 . 2005-11-26 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
2009-12-21 18:04 . 2009-01-24 18:32 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-12-21 18:01 . 2008-12-01 03:26 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2009-12-21 18:01 . 2008-12-01 03:26 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2009-12-21 17:57 . 2008-05-20 17:01 -------- d-----w- c:\program files\Java
2009-12-21 06:58 . 2009-11-12 23:31 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 06:44 . 2008-05-20 17:03 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-18 17:48 . 2009-09-30 12:41 392704 ----a-w- c:\winnt\system32\pgalmdzbovdze.dll
2009-12-13 14:21 . 2009-09-30 12:41 384000 ----a-w- c:\winnt\system32\_pgalmdzbovdze.dll
2009-12-10 23:13 . 2008-02-04 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy
2009-12-09 20:42 . 2008-01-24 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-12-08 00:17 . 2008-05-20 16:57 -------- d-----w- c:\program files\LimeWire
2009-11-17 23:44 . 2009-11-17 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-11-17 22:21 . 2004-02-05 06:35 64664 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 22:21 . 2009-11-17 22:21 127325 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-11-17 22:21 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-16 08:42 . 2009-11-16 08:42 286720 ----a-w- c:\winnt\system32\jzgjcotz.dll
2009-11-16 08:42 . 2009-11-16 08:42 290304 ----a-w- c:\winnt\system32\jcarqnpa.dll
2009-10-29 05:38 . 2004-12-07 22:37 667136 ----a-w- c:\winnt\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\winnt\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\winnt\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\winnt\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 06:00 270336 ----a-w- c:\winnt\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 06:00 149504 ----a-w- c:\winnt\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 06:00 79872 ----a-w- c:\winnt\system32\raschap.dll
2009-09-25 05:37 . 2004-08-04 07:56 81920 ------w- c:\winnt\system32\ieencode.dll
2002-04-20 01:15 . 2002-04-20 01:15 61 -c--a-w- c:\program files\adobe photoshop 7.0 serial.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5689697-A805-F3D8-5006-D58CB412F201}]
2009-12-18 17:48 392704 ----a-w- c:\winnt\system32\pgalmdzbovdze.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 90112]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2002-08-06 53248]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-06-29 827904]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"EPSON Stylus C88 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2006-10-22 86016]
"CTHelper"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\winnt\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-21 149280]
"nugxfiwsvxdvqbpg"="c:\winnt\system32\pgalmdzbovdze.dll" [2009-12-18 392704]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-11-07 21:41 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-07-27 22:42 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-09-20 13:23 132624 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SSHDRV65;SSHDRV65;c:\winnt\system32\drivers\SSHDRV65.sys [9/11/2004 10:09 PM 120320]
R1 SSHDRV77;SSHDRV77;c:\winnt\system32\drivers\SSHDRV77.sys [9/11/2004 10:12 PM 79360]
R2 Dynex DX-WGDTC WLService;Dynex DX-WGDTC Service;c:\program files\Dynex Wireless G Adapter\WLService.exe [12/30/2007 9:13 PM 49152]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [1/13/2003 1:48 PM 6736]
S2 XMNEHNQD;XMNEHNQD;\??\c:\winnt\system32\xmnehnqd.gpw --> c:\winnt\system32\xmnehnqd.gpw [?]
S3 PCD65X2;PCD65X2;\??\c:\docume~1\Owner\LOCALS~1\Temp\PCD65X2.sys --> c:\docume~1\Owner\LOCALS~1\Temp\PCD65X2.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 pnicml;pnicml;\??\c:\docume~1\Owner\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pnicml.sys [?]
S3 rrdpcdd;rrdpcdd;\??\c:\docume~1\Owner\LOCALS~1\Temp\rrdpcdd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\rrdpcdd.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - NMSCFG
*NewlyCreated* - NMSSVC
*Deregistered* - Avg7Core
*Deregistered* - Avg7RsXP
*Deregistered* - AvgClean
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://swgbetareg.station.sony.com/soesysinfo.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-DVDXGhost - (no file)
HKCU-Run-EleFunAnimatedWallpaper - (no file)
HKCU-Run-IgfxSys - c:\documents and settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
HKLM-Run-Keyboard Preload Check - c:\oemdrvrs\KEYB\Preload.exe
HKLM-Run-POINTER - point32.exe
HKLM-Run-Amazing3DAquariumWallpaper - c:\program files\Anemone's Reef - Animated 3D Wallpaper\wallpaper.exe
HKLM-Run-EleFunAnimatedWallpaper - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
AddRemove-Creative Driver - c:\winnt\system32\ctdrvins
AddRemove-DivX Codec - c:\winnt\unvise32.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 12:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XMNEHNQD]
"ImagePath"="\??\c:\winnt\system32\xmnehnqd.gpw"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-735974071-3915652583-3802472028-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,cd,f0,3d,16,0c,55,c3,65,16,16,ea,89,5a,28,c5,58,13,c1,4d,df,af,99,
b2,d9,46,de,5d,a2,2c,08,d8,c9,a9,ea,e4,c6,e9,d4,39,b3,59,f2,04,80,3d,e9,85,\
"??"=hex:57,71,1f,13,73,10,b3,48,3a,c2,bf,f7,f2,8e,c5,ec
.
Completion time: 2009-12-21 12:35:50
ComboFix-quarantined-files.txt 2009-12-21 18:35

Pre-Run: 37,812,789,248 bytes free
Post-Run: 38,050,656,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - D4FE8C86F2D73E5B7AC3CC4DBE115114



#6
December 21, 2009 at 10:55:17

Seems like this has corrected the main issue of the pop-ups and audio ads, thank you. Of course, if you see anything else that requires attention I would appreciate the advice.

I did have a couple of questions:

The files I have downloaded for scan programs - can I delete them and/or do I need to use add/remove programs to do so?

There is a new IE icon on my desktop after running ComboFix, it is not a shortcut - do I need to keep that or transfer it to my program files? I use both IE and Firefox.



#7
December 21, 2009 at 11:11:45

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\winnt\system32\gnvqdqplqts.exe
c:\winnt\system32\pgalmdzbovdze.dll
c:\winnt\system32\_pgalmdzbovdze.dll
c:\winnt\system32\jzgjcotz.dll
C:\WINNT\system32\wfxdkndj.dll

Folder::
c:\documents and settings\Owner\Application Data\ezLife
c:\program files\ezLife

Drivers::

Registry::
-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5689697-A805-F3D8-5006-D58CB412F201}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nugxfiwsvxdvqbpg"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "run".

Please post the log that is produced.

Let me know how the computer is operating once you run this script.
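As an added example (my own code, not the helper's and not part of ComboFix), a small Python triage script that applies the reasoning behind the CFScript above: it reads ComboFix log lines like those posted in #5, flags file and Run-value names that look machine-generated (long all-lowercase stems with no vowels or long consonant runs), and drafts File:: and Registry:: sections in the layout the helper used. The log excerpt, the allowlist of known-good stems and the name heuristic are constructed for illustration; the output is a draft for an analyst to check, not a finished script.

```python
import re

# Constructed excerpt in the layout of the ComboFix log posted above; the
# paths and Run entries are the ones that appear in this thread.
SAMPLE_LOG = r"""
2009-12-21 06:41 . 2009-12-21 18:07 48285 ----a-w- c:\winnt\system32\gnvqdqplqts.exe
2009-12-18 17:48 . 2009-09-30 12:41 392704 ----a-w- c:\winnt\system32\pgalmdzbovdze.dll
2009-11-16 08:42 . 2009-11-16 08:42 286720 ----a-w- c:\winnt\system32\jzgjcotz.dll
2009-10-29 05:38 . 2004-12-07 22:37 667136 ----a-w- c:\winnt\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\winnt\system32\strmfilt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-21 149280]
"nugxfiwsvxdvqbpg"="c:\winnt\system32\pgalmdzbovdze.dll" [2009-12-18 392704]
"""

# One ComboFix file line: two timestamps, a size (dashes for a folder), attributes, path.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+|-+)\s+\S+\s+(?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>.+)\]$")                       # [HKEY_...] section header
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')  # "value"="target" [...]

VOWELS = set("aeiouy")
# Constructed allowlist standing in for the helper's knowledge of legitimate
# Windows files; a real one would be far larger (or a hash lookup).
KNOWN_GOOD = {"wininet", "strmfilt", "httpapi", "deploytk", "oakley"}


def looks_random(name):
    """Reasons a bare file or value name looks machine-generated ([] if it does not).

    Only long, all-lowercase stems are judged: the names this thread removed
    (gnvqdqplqts, pgalmdzbovdze, nugxfiwsvxdvqbpg) are long consonant soup.
    """
    stem = name.rsplit(".", 1)[0]
    if stem in KNOWN_GOOD or not re.fullmatch(r"[a-z]{8,}", stem):
        return []
    reasons = []
    longest = max((len(run) for run in re.findall(r"[^aeiouy]+", stem)), default=0)
    if not VOWELS & set(stem):
        reasons.append("no vowels")
    if longest >= 4:
        reasons.append(f"{longest} consonants in a row")
    return reasons


def triage(log_text):
    """Walk ComboFix log lines and return suspicious items as dicts.

    Files are only reported when they sit in system32 (where the odd names in
    this log clustered); Run values are reported when the value name or the
    target file name looks random.
    """
    findings, current_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := KEY_LINE.match(line):
            current_key = m.group("key")
        elif m := FILE_LINE.match(line):
            path = m.group("path")
            fname = path.rsplit("\\", 1)[-1]
            reasons = looks_random(fname)
            if reasons and "\\system32\\" in path.lower():
                findings.append({"kind": "file", "key": None, "name": fname,
                                 "path": path, "reasons": reasons})
        elif (m := RUN_LINE.match(line)) and (current_key or "").lower().endswith("\\currentversion\\run"):
            name, target = m.group("name"), m.group("target")
            reasons = looks_random(name)
            reasons += [f"target: {r}" for r in looks_random(target.rsplit("\\", 1)[-1])]
            if reasons:
                findings.append({"kind": "run", "key": current_key, "name": name,
                                 "path": target, "reasons": reasons})
    return findings


def draft_cfscript(findings):
    """Render findings in the CFScript layout used in this thread: KILLALL::,
    File:: with one path per line, Registry:: with "value"=- to remove a Run
    entry. Folder:: and Drivers:: are left to the analyst."""
    files = sorted({f["path"] for f in findings if f["path"].lower().endswith((".exe", ".dll"))})
    runs = [f for f in findings if f["kind"] == "run"]
    lines = ["KILLALL::", "File::", *files, ""]
    if runs:
        lines.append("Registry::")
        for key in sorted({r["key"] for r in runs}):
            lines.append(f"[{key}]")
            lines.extend(f'"{r["name"]}"=-' for r in runs if r["key"] == key)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h['kind']:4} {h['name']:20} {'; '.join(h['reasons'])}")
    print()
    print(draft_cfscript(hits))
```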



#8
December 21, 2009 at 21:56:07

Prior to this the problem with audio ads started again. My computer also seemed slow. So far I haven't heard another audio ad and it seems a bit faster. I will post again if that changes.

ComboFix 09-12-21.02 - Owner 12/21/2009 23:36:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.658 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\winnt\system32\_pgalmdzbovdze.dll"
"c:\winnt\system32\gnvqdqplqts.exe"
"c:\winnt\system32\jzgjcotz.dll"
"c:\winnt\system32\pgalmdzbovdze.dll"
"c:\winnt\system32\wfxdkndj.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\ezLife
c:\program files\ezLife
c:\winnt\system32\gnvqdqplqts.exe
c:\winnt\system32\jzgjcotz.dll
c:\winnt\system32\pgalmdzbovdze.dll
c:\winnt\system32\wfxdkndj.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-21 18:18 . 2009-12-21 18:35 -------- d-----w- C:\Combo-Fix
2009-12-21 15:52 . 2009-12-21 15:52 -------- d-----w- c:\program files\trend micro
2009-12-21 15:52 . 2009-12-21 15:52 -------- d-----w- C:\rsit
2009-12-21 06:41 . 2009-12-21 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Smart-Ads-Solutions
2009-12-21 05:40 . 2009-12-21 05:41 -------- d-----w- c:\documents and settings\Owner\Application Data\TS3Client
2009-12-21 05:22 . 2009-12-21 05:22 -------- d-----w- c:\program files\TeamSpeak 3 Client
2009-11-27 16:23 . 2009-11-19 17:48 872960 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-27 16:23 . 2009-11-19 17:48 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-27 16:23 . 2009-11-19 17:48 340480 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-27 16:23 . 2009-11-19 17:48 346624 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 05:43 . 2008-12-01 03:26 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2009-12-22 05:43 . 2008-12-01 03:26 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2009-12-21 18:18 . 2005-11-26 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
2009-12-21 18:04 . 2009-01-24 18:32 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-12-21 17:57 . 2008-05-20 17:01 -------- d-----w- c:\program files\Java
2009-12-21 06:58 . 2009-11-12 23:31 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 06:44 . 2008-05-20 17:03 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-10 23:13 . 2008-02-04 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy
2009-12-09 20:42 . 2008-01-24 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-12-08 00:17 . 2008-05-20 16:57 -------- d-----w- c:\program files\LimeWire
2009-11-17 23:44 . 2009-11-17 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-11-17 22:21 . 2004-02-05 06:35 64664 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 22:21 . 2009-11-17 22:21 127325 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-11-17 22:21 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-16 08:42 . 2009-11-16 08:42 290304 ----a-w- c:\winnt\system32\jcarqnpa.dll
2009-10-29 05:38 . 2004-12-07 22:37 667136 ------w- c:\winnt\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\winnt\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\winnt\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\winnt\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 06:00 270336 ----a-w- c:\winnt\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 06:00 149504 ----a-w- c:\winnt\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 06:00 79872 ----a-w- c:\winnt\system32\raschap.dll
2009-09-25 05:37 . 2004-08-04 07:56 81920 ------w- c:\winnt\system32\ieencode.dll
2002-04-20 01:15 . 2002-04-20 01:15 61 -c--a-w- c:\program files\adobe photoshop 7.0 serial.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDXGhost"="" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"EleFunAnimatedWallpaper"="" [BU]
"IgfxSys"="c:\documents and settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 90112]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2002-08-06 53248]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-06-29 827904]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"EPSON Stylus C88 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2006-10-22 86016]
"CTHelper"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\winnt\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-21 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-11-07 21:41 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-07-27 22:42 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-09-20 13:23 132624 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SSHDRV65;SSHDRV65;c:\winnt\system32\drivers\SSHDRV65.sys [9/11/2004 10:09 PM 120320]
R1 SSHDRV77;SSHDRV77;c:\winnt\system32\drivers\SSHDRV77.sys [9/11/2004 10:12 PM 79360]
R2 Dynex DX-WGDTC WLService;Dynex DX-WGDTC Service;c:\program files\Dynex Wireless G Adapter\WLService.exe [12/30/2007 9:13 PM 49152]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [1/13/2003 1:48 PM 6736]
S2 XMNEHNQD;XMNEHNQD;\??\c:\winnt\system32\xmnehnqd.gpw --> c:\winnt\system32\xmnehnqd.gpw [?]
S3 PCD65X2;PCD65X2;\??\c:\docume~1\Owner\LOCALS~1\Temp\PCD65X2.sys --> c:\docume~1\Owner\LOCALS~1\Temp\PCD65X2.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 pnicml;pnicml;\??\c:\docume~1\Owner\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pnicml.sys [?]
S3 rrdpcdd;rrdpcdd;\??\c:\docume~1\Owner\LOCALS~1\Temp\rrdpcdd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\rrdpcdd.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*NewlyCreated* - NMSCFG
*NewlyCreated* - NMSSVC
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://swgbetareg.station.sony.com/soesysinfo.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk6e6alb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{D5689697-A805-F3D8-5006-D58CB412F201} - c:\winnt\system32\pgalmdzbovdze.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-gnvqdqplqts - c:\winnt\system32\gnvqdqplqts.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 23:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XMNEHNQD]
"ImagePath"="\??\c:\winnt\system32\xmnehnqd.gpw"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-735974071-3915652583-3802472028-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,cd,f0,3d,16,0c,55,c3,65,16,16,ea,89,5a,28,c5,58,13,c1,4d,df,af,99,
b2,d9,46,de,5d,a2,2c,08,d8,c9,a9,ea,e4,c6,e9,d4,39,b3,59,f2,04,80,3d,e9,85,\
"??"=hex:57,71,1f,13,73,10,b3,48,3a,c2,bf,f7,f2,8e,c5,ec
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2116)
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\CTsvcCDA.exe
c:\program files\Dynex Wireless G Adapter\WLanCfgG.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\System32\NMSSvc.exe
c:\winnt\system32\nvsvc32.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\winnt\system32\MsPMSPSv.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\system32\SK9910DM.EXE
c:\winnt\GWMDMMSG.exe
.
**************************************************************************
.
Completion time: 2009-12-21 23:53:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 05:53
ComboFix2.txt 2009-12-21 18:35

Pre-Run: 38,071,291,904 bytes free
Post-Run: 38,053,220,352 bytes free

- - End Of File - - FBD4526AD82CF8A7CBA0F8029F100E68



#9
December 22, 2009 at 08:53:02

Download Avast! free edition and scan it.


#10
December 22, 2009 at 09:41:35

A little clean-up to do.

Delete RSIT , RootRepeal, and GMER from your desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next, create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.



