Computing.Net > Forums > Security and Virus > help me win antivirus is eating me


help me win antivirus is eating me


Name: freaktown
Date: March 10, 2007 at 20:40:57 Pacific
OS: xp home sp 2
CPU/Ram: pentium 4 2.00 ghz, 256mb
Product: IBM net vista
Comment:

please help me I keep having a win antivirus pop up




Response Number 1
Name: jabuck
Date: March 10, 2007 at 20:44:49 Pacific
Reply:

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:\Vundofix.txt.


Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: freaktown
Date: March 10, 2007 at 21:05:29 Pacific
Reply:

D:\Documents and settings\Owner\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
D:\Documents and settings\Owner\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
D:\WINDOWS\system32\fhkmp.bak1
D:\WINDOWS\system32\fhkmp.bak2
D:\WINDOWS\system32\fhkmp.ini
D:\WINDOWS\system32\fhkmp.ini2
D:\WINDOWS\system32\fhkmp.tmp
D:\WINDOWS\system32\giwkgohh.exe
D:\WINDOWS\system32\khfghee.dll
D:\WINDOWS\system32\ljjjigh.dll
D:\WINDOWS\system32\nnwbdkfj.dll
D:\WINDOWS\system32\pmkhf.dll
D:\WINDOWS\system32\qoxvyksw.dll
D:\WINDOWS\system32\qrqss.ini
D:\WINDOWS\system32\ssqrq.dll
D:\WINDOWS\system32\vwxkeqps.dll
D:\WINDOWS\system32\yayvtro.dll



Response Number 3
Name: freaktown
Date: March 10, 2007 at 21:07:34 Pacific
Reply:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:46 AM, on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Pure Networks\Network Magic\nmapp.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.exe
D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EB8DF1A-B4FF-43BE-B1FC-5E57BBAEFD98} - D:\WINDOWS\system32\yayvtro.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {C6F71583-254B-4FFA-AFC4-ACA57FD98593} - D:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {EE3D9FE7-47AD-480C-96BC-8A33E2ACAC4c} - D:\WINDOWS\system32\ycksvdwf.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\system32\goipsvql.dll",setvm
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nmapp] "D:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gm...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/I...
O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp03.eastlink.ca/SelfProvis...
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - D:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe




Response Number 4
Name: jabuck
Date: March 10, 2007 at 21:19:34 Pacific
Reply:

Download test.exe from this link http://swandog46.geekstogo.com/test.exe

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.

Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Files to delete:
D:\WINDOWS\system32\ycksvdwf.dll
D:\WINDOWS\system32\goipsvql.dll

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Paste the text copied to clipboard into this window by pressing (Ctrl+V).

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

After the restart, it creates a log file that should open with the results of Avenger’s actions.
This log file will be located at C:\avenger.txt
Please copy/paste the content of C:\avenger.txt into your reply.

Please download Comboscan from this link:

Comboscan


Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


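As an added example, not part of this thread and not code from HijackThis, Avenger or VundoFix: a small Python triage script run over the HijackThis lines posted above. It scores each O2/O4/O20 entry by the indicators jabuck is reacting to in the reply above (a BHO registered with no name, a Run entry that loads a DLL through rundll32, a random-looking lowercase DLL name in system32, and a "(file missing)" orphan) and separates modules that are present on disk, which can be deleted, from orphaned registry entries, where the CLSID itself has to go. The sample lines are copied from the log above; the scoring threshold and the name-reversal rule for companion files are my assumptions, the latter drawn from the pmkhf.dll / fhkmp.ini pairing in the VundoFix list earlier in the thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis v1.99.1 lines posted in this
# thread, chosen so that every heuristic below fires at least once.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EB8DF1A-B4FF-43BE-B1FC-5E57BBAEFD98} - D:\WINDOWS\system32\yayvtro.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {C6F71583-254B-4FFA-AFC4-ACA57FD98593} - D:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {EE3D9FE7-47AD-480C-96BC-8A33E2ACAC4c} - D:\WINDOWS\system32\ycksvdwf.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\system32\goipsvql.dll",setvm
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# First drive-letter path on the line, up to its .dll/.exe extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe))', re.IGNORECASE)
# Five to eight lowercase letters and nothing else: the shape of the DLL names
# Vundo dropped on this machine (pmkhf, yayvtro, ycksvdwf, goipsvql).
RANDOM_STEM_RE = re.compile(r'^[a-z]{5,8}$')


@dataclass
class Finding:
    section: str            # HijackThis section tag: O2, O4, O20, ...
    path: str               # module the entry loads
    score: int = 0          # number of indicators that fired
    missing: bool = False   # HijackThis reported "(file missing)"
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Score every O-section line that names a module on disk."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PATH_RE.search(line)
        if not m:
            continue
        f = Finding(section=line.split(' - ', 1)[0], path=m.group(1))
        name = f.path.rsplit('\\', 1)[-1]
        stem, _, ext = name.rpartition('.')
        if f.section == 'O2' and '(no name)' in line:
            f.score += 1
            f.reasons.append('BHO registered without a name')
        if f.section == 'O4' and 'rundll32' in line.lower() and ext.lower() == 'dll':
            f.score += 1
            f.reasons.append('Run entry loads a DLL through rundll32')
        if '\\system32\\' in f.path.lower() and RANDOM_STEM_RE.match(stem):
            f.score += 1
            f.reasons.append('random-looking lowercase name in system32')
        if '(file missing)' in line:
            f.missing = True
            f.score += 1
            f.reasons.append('file missing: orphaned registry entry')
        findings.append(f)
    return findings


def files_to_delete(findings, threshold=2):
    """Modules that are both suspicious and present on disk. A missing file
    cannot be deleted; for those the O2 CLSID is what has to be removed.
    The threshold of two independent indicators is an assumption."""
    return sorted(f.path for f in findings
                  if f.score >= threshold and not f.missing)


def companion_pattern(path):
    """Assumed rule from the pmkhf.dll / fhkmp.ini pairing earlier in this
    thread: Vundo's side files used the DLL stem spelled backwards."""
    directory, _, name = path.rpartition('\\')
    stem = name.rpartition('.')[0]
    return f'{directory}\\{stem[::-1]}.*'


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        flag = 'SUSPECT' if f.score >= 2 else '       '
        print(f'{flag} {f.section:<4} {f.score} {f.path}  {"; ".join(f.reasons)}')
    print('\nFiles to delete:')
    for p in files_to_delete(results):
        print(' ', p, ' and side files', companion_pattern(p))
```

For this log the delete list comes out to the same two DLLs as jabuck's Avenger script, and the reversed-stem patterns match the extra VundoFix entries he asks for next. The name heuristic alone is not a safe basis for deletion: shsvcs.dll and wiaservc.dll in the same directory on this machine are legitimate Windows files and would match the pattern, which is why the script requires a second indicator before listing a file, and why the thread asks for logs before anything is removed.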

Response Number 5
Name: jabuck
Date: March 10, 2007 at 21:30:51 Pacific
Reply:

Also do the following please.

Download VundoFix at http://www.atribune.org/ccount/click.php?id=4 and save it to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to 'Run VundoFix as a task'.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, right click inside the white box and click 'Add More Files?'
Copy and paste the below entries into each line:

D:\WINDOWS\system32\ycksvdwf.dll
D:\WINDOWS\system32\fwdvskcy.*
D:\WINDOWS\system32\goipsvql.dll
D:\WINDOWS\system32\lqvspiog.*

Click 'Add Files' and click 'Close Window'.
Click 'Scan for Vundo' button.
Once it's done scanning, click the 'Remove Vundo' button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer. click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt

Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon beside the files found:
If so, click it, then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer! It is possible that files that were in use will only be moved/deleted during the reboot.
After reboot, post the contents of the log on your desktop.





Response Number 6
Name: freaktown
Date: March 10, 2007 at 21:33:19 Pacific
Reply:

ComboScan v20070306.20 run by Owner on 2007-03-11 at 01:31:03
Computer is in Normal Mode.
----------------------

-- System Restore ---------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
13: 2007-03-11 05:31:10 UTC - RP34 - ComboScan Restore Point
12: 2007-03-10 08:45:11 UTC - RP33 - System Checkpoint
11: 2007-03-09 08:14:51 UTC - RP32 - System Checkpoint
10: 2007-03-08 02:54:38 UTC - RP31 - Software Distribution Service 2.0
9: 2007-03-08 02:39:35 UTC - RP30 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-03-04 08:14:03 UTC - RP22 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as O

Logfile of HijackThis v1.99.1
Scan saved at 1:01:46 AM, on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Pure Networks\Network Magic\nmapp.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.exe
D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
D:\Program Files\Hijackthis\HijackThis.exe



Response Number 7
Name: freaktown
Date: March 10, 2007 at 21:38:14 Pacific
Reply:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: selected file does not appear to be a valid script.
Error code: 1813



Response Number 8
Name: freaktown
Date: March 10, 2007 at 21:41:49 Pacific
Reply:

ComboScan v20070306.20 run by Owner on 2007-03-11 at 01:31:03
Computer is in Normal Mode.
----------------------

-- System Restore ---------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
13: 2007-03-11 05:31:10 UTC - RP34 - ComboScan Restore Point
12: 2007-03-10 08:45:11 UTC - RP33 - System Checkpoint
11: 2007-03-09 08:14:51 UTC - RP32 - System Checkpoint
10: 2007-03-08 02:54:38 UTC - RP31 - Software Distribution Service 2.0
9: 2007-03-08 02:39:35 UTC - RP30 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-03-04 08:14:03 UTC - RP22 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as O

Logfile of HijackThis v1.99.1
Scan saved at 1:01:46 AM, on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Pure Networks\Network Magic\nmapp.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.exe
D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EB8DF1A-B4FF-43BE-B1FC-5E57BBAEFD98} - D:\WINDOWS\system32\yayvtro.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {C6F71583-254B-4FFA-AFC4-ACA57FD98593} - D:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {EE3D9FE7-47AD-480C-96BC-8A33E2ACAC4c} - D:\WINDOWS\system32\ycksvdwf.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\system32\goipsvql.dll",setvm
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nmapp] "D:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gm...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/I...
O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp03.eastlink.ca/SelfProvis...
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - D:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe


-- File Associations ------

.bat - batfile - "%1" %*
.chm - chm.file - "D:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.exe %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.exe %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.exe %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - D:\WINDOWS\system32\drivers\ac97intc.sys
3S basic2 - D:\WINDOWS\system32\drivers\HSF_BSC2.sys
3S ctsfm2k (Creative SoundFont Management Device Driver) - D:\WINDOWS\system32\drivers\ctsfm2k.sys
3R E100B (Intel(R) PRO Adapter Driver) - D:\WINDOWS\system32\drivers\e100b325.sys
1R eeCtrl (Symantec Eraser Control driver) - D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2R EGATHDRV (IBM Access Support) - D:\WINDOWS\system32\EGATHDRV.SYS
3R EraserUtilRebootDrv - D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2R Fallback - D:\WINDOWS\system32\drivers\HSF_FALL.sys
2R Fsks - D:\WINDOWS\system32\drivers\HSF_FSKS.sys
3R hidusb (Microsoft HID Class Driver) - D:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWBS2 - D:\WINDOWS\system32\drivers\hsfbs2s2.sys
3R HSF_DP - D:\WINDOWS\system32\drivers\hsfdpsp2.sys
3S hsf_msft - D:\WINDOWS\system32\drivers\HSF_MSFT.sys
0R IdeBusDr - D:\WINDOWS\system32\drivers\IdeBusDr.sys
0R IdeChnDr (Intel(R) Ultra ATA Controller) - D:\WINDOWS\system32\drivers\IdeChnDr.sys
1R intelppm (Intel Processor Driver) - D:\WINDOWS\system32\drivers\intelppm.sys
2R K56 - D:\WINDOWS\system32\drivers\HSF_K56K.sys
2R mdmxsdk - D:\WINDOWS\system32\drivers\mdmxsdk.sys
3R mouhid (Mouse HID Driver) - D:\WINDOWS\system32\drivers\mouhid.sys
3R nv - D:\WINDOWS\system32\drivers\nv4_mini.sys
3S nv4 - D:\WINDOWS\system32\drivers\nv4.sys
3S ossrv (Creative OS Services Driver) - D:\WINDOWS\system32\drivers\ctoss2k.sys
3S P17 (Sound Blaster Audigy) - D:\WINDOWS\system32\drivers\P17.sys
3S p17filt - D:\WINDOWS\system32\drivers\p17filt.sys
3S pfc (Padus ASPI Shell) - D:\WINDOWS\system32\drivers\pfc.sys
2S PfModNT - D:\WINDOWS\system32\drivers\PfModNT.sys (not found)
2R pnarp (Network Magic Device Discovery Driver) - D:\WINDOWS\system32\drivers\pnarp.sys
2R purendis (Network Magic Wireless Driver) - D:\WINDOWS\system32\drivers\purendis.sys
0S PxHelp20 - D:\WINDOWS\system32\Drivers\PxHelp20.sys (not found)
3S Rksample - D:\WINDOWS\system32\drivers\HSF_SAMP.sys
3S ROOTMODEM (Microsoft Legacy Modem Driver) - D:\WINDOWS\system32\drivers\rootmdm.sys
2R SoftFax - D:\WINDOWS\system32\drivers\HSF_FAXX.sys
3S SYMDNS - D:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - D:\WINDOWS\system32\drivers\SYMEVENT.SYS
3S SYMFW - D:\WINDOWS\system32\drivers\symfw.sys
3S SYMIDS - D:\WINDOWS\system32\drivers\symids.sys
3S SYMNDIS - D:\WINDOWS\system32\drivers\symndis.sys
3S SYMREDRV - D:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - D:\WINDOWS\system32\drivers\symtdi.sys
2R Tones - D:\WINDOWS\system32\drivers\HSF_TONE.sys
3R usbaudio (USB Audio Driver (WDM)) - D:\WINDOWS\system32\drivers\USBAUDIO.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - D:\WINDOWS\system32\drivers\usbccgp.sys
3S usbprint (Microsoft USB PRINTER Class) - D:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - D:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - D:\WINDOWS\system32\drivers\USBSTOR.SYS
2R V124 - D:\WINDOWS\system32\drivers\HSF_V124.sys
3R winachsf - D:\WINDOWS\system32\drivers\hsfcxts2.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - D:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - D:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - D:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Automatic LiveUpdate Scheduler - "D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
4S ccEvtMgr (Symantec Event Manager) - "D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
4S ccSetMgr (Symantec Settings Manager) - "D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
4S CLTNetCnService (Symantec Lic NetConnect service) - "D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
4S ISPwdSvc (Symantec IS Password Validation) - "D:\Program Files\Norton AntiVirus\isPwdSvc.exe"
3R LiveUpdate - "D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe"
4S nmraapache (Pure Networks Net2Go Service) - "D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice
4S nmservice (Pure Networks Network Magic Service) - "D:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"
4S ose (Office Source Engine) - "D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe"
4S Symantec Core LC - "D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
4S SymAppCore (Symantec AppCore Service) - "D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"


-- Files created between 2007-02-11 and 20---------

2007-03-11 01:29:04 0 d-------- D:\Avenger
2007-03-11 00:48:15 0 d-------- D:\VundoFix Backups<VUNDOF~1>
2007-03-10 22:57:23 131604 --a------ D:\WINDOWS\system32\ycksvdwf.dll
2007-03-09 15:42:30 131604 --a------ D:\WINDOWS\system32\pwsgwopl.dll
2007-03-07 22:27:23 0 d-------- D:\Documents and Settings\Owner\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-07 22:27:15 123412 --a------ D:\WINDOWS\system32\goipsvql.dll
2007-03-07 21:20:29 0 d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2007-03-06 22:59:02 0 d-------- D:\Documents and Settings\Owner\Application Data\Lavasoft
2007-03-06 22:58:19 0 d-------- D:\Program Files\Lavasoft
2007-03-06 22:55:13 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-06 18:06:39 0 d-------- D:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-06 18:05:23 0 d-------- D:\WINDOWS\SHELLNEW
2007-03-06 18:05:20 0 d-------- D:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-03-06 17:54:57 123412 --a------ D:\WINDOWS\system32\aqiiusyh.dll
2007-02-27 19:22:47 59264 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-02-21 13:54:21 25792 --a------ D:\WINDOWS\system32\drivers\pnarp.sys
2007-02-21 13:54:10 26944 --a------ D:\WINDOWS\system32\drivers\purendis.sys
2007-02-21 13:53:18 0 d-------- D:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-02-11 19:36:14 0 d-------- D:\Program Files\DIFX
2007-02-11 19:36:09 0 d------c- D:\WINDOWS\system32\DRVSTORE
2007-02-11 19:07:49 0 d-------- D:\Program Files\Common Files\Pure Networks Shared<PURENE~1>
2007-02-11 19:07:06 0 d-------- D:\Program Files\Pure Networks<PURENE~1>
2007-02-11 19:06:25 0 d-------- D:\Documents and Settings\All Users\Application Data\Pure Networks<PURENE~1>
2007-02-11 15:45:57 524288 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ----------

2007-03-10 14:36:54 1632 --a------ D:\WINDOWS\system32\d3d8caps.dat
2007-03-08 10:52:53 0 d-------- D:\Program Files\DivX
2007-03-08 02:13:58 0 d-------- D:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-08 00:28:47 0 d-------- D:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-04 22:17:19 0 d-------- D:\Program Files\Ares
2007-02-25 17:49:03 0 d-------- D:\Program Files\Java
2007-02-23 03:25:02 110388 --a------ D:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-09 17:32:09 0 d-------- D:\Program Files\HP
2007-02-09 09:14:21 0 d-------- D:\Documents and Settings\Owner\Application Data\Image Zone Express<IMAGEZ~1>
2007-02-08 17:46:56 1744 --a------ D:\WINDOWS\system32\d3d9caps.dat
2007-02-08 00:14:34 0 d---s---- D:\Documents and Settings\Owner\Application Data\Microsoft<MICROS~1>
2007-02-05 04:04:32 0 d-------- D:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-05 03:50:19 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-05 03:50:11 44 --a------ D:\WINDOWS\system32\msssc.dll
2007-02-04 20:27:18 0 d-------- D:\Program Files\QuickTime<QUICKT~1>
2007-01-30 21:39:42 0 d-------- D:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-30 21:38:44 0 d-------- D:\Program Files\Common Files\Adobe
2007-01-30 21:16:16 324 --a------ D:\Documents and Settings\Owner\Application Data\ETCPrefs5<ETCPRE~1>
2007-01-30 21:16:16 444 --a------ D:\Documents and Settings\Owner\Application Data\ETCPitchScores<ETCPIT~1>
2007-01-30 21:15:45 1233 --a------ D:\Documents and Settings\Owner\Application Data\ETCHopperStats<ETCHOP~1>
2007-01-30 20:58:21 17 --a------ D:\Documents and Settings\Owner\Application Data\ETCPlayers<ETCPLA~1>
2007-01-30 20:58:21 15 --a------ D:\Documents and Settings\Owner\Application Data\ETCHarmonyBench5<ET941A~1>
2007-01-30 20:58:21 15 --a------ D:\Documents and Settings\Owner\Application Data\ETCHarmonyBench4<ET841A~1>
2007-01-30 20:58:21 15 --a------ D:\Documents and Settings\Owner\Application Data\ETCHarmonyBench3<ETCHAR~4>
2007-01-30 20:58:21 15 --a------ D:\Documents and Settings\Owner\Application Data\ETCHarmonyBench2<ETCHAR~3>
2007-01-30 20:58:21 15 --a------ D:\Documents and Settings\Owner\Application Data\ETCHarmonyBench1<ETCHAR~2>
2007-01-30 20:58:21 15 --a------ D:\Documents and Settings\Owner\Application Data\ETCHarmonyBench0<ETCHAR~1>
2007-01-29 04:58:06 60416 -----n--- D:\WINDOWS\system32\tzchange.exe
2007-01-28 02:17:02 0 d-------- D:\Documents and Settings\Owner\Application Data\DivX
2007-01-27 21:19:40 0 d-------- D:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-01-27 20:54:04 90651 --a------ D:\WINDOWS\hpiins01.dat
2007-01-27 20:29:53 0 d-------- D:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-01-27 20:26:54 0 d-------- D:\Program Files\Common Files\HP
2007-01-27 20:22:03 0 d-------- D:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-24 03:11:35 67973 --a------ D:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-01-23 23:03:54 0 d-------- D:\Documents and Settings\Owner\Application Data\Sun
2007-01-23 22:54:19 0 d-------- D:\Program Files\Common Files\Java
2007-01-19 22:39:14 0 d-------- D:\Documents and Settings\Owner\Application Data\F-Secure
2007-01-19 22:38:51 0 d-------- D:\Documents and Settings\Owner\Application Data\PEX
2007-01-17 17:02:23 0 d-------- D:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>
2007-01-17 11:29:17 0 d-------- D:\Program Files\Symantec
2007-01-17 11:29:14 48776 --a------ D:\WINDOWS\system32\S32EVNT1.DLL
2006-12-19 17:52:18 134656 --a------ D:\WINDOWS\system32\shsvcs.dll
2006-12-19 14:16:47 333824 --a------ D:\WINDOWS\system32\wiaservc.dll


-- Registry ----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ares"="\"D:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"2chkdsk"="rundll32.exe \"D:\\WINDOWS\\system32\\goipsvql.dll\",setvm"
"ccApp"="D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"osCheck"="\"D:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"nmapp"="\"D:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="D:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="D:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Photosmart Premier Fast Start.lnk"
"backup"="D:\\WINDOWS\\pss\\HP Photosmart Premier Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Photosmart Premier Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aqiiusyh"
"hkey"="HKLM"
"command"="rundll32.exe \"D:\\WINDOWS\\system32\\aqiiusyh.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rundll32 P17"
"hkey"="HKLM"
"command"="Rundll32 P17.dll,P17Helper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=dword:00000003
"odserv"=dword:00000003
"WMPNetworkSvc"=dword:00000003
"SymAppCore"=dword:00000002
"Symantec Core LC"=dword:00000003
"SDhelper"=dword:00000002
"nmservice"=dword:00000002
"nmraapache"=dword:00000003
"LiveUpdate"=dword:00000003
"ISPwdSvc"=dword:00000003
"CLTNetCnService"=dword:00000002
"ccSetMgr"=dword:00000002
"ccEvtMgr"=dword:00000002
"Automatic LiveUpdate Scheduler"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2EB8DF1A-B4FF-43BE-B1FC-5E57BBAEFD98}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of ComboScan: finished at 2007-03-11 at 01:3


Response Number 9
Name: jabuck
Date: March 10, 2007 at 21:46:43 Pacific
Reply:

Be sure to follow the suggestions in response #5.


Response Number 10
Name: freaktown
Date: March 10, 2007 at 22:31:31 Pacific
Reply:

Sorry about this, it's just taking a bit here.


Response Number 11
Name: freaktown
Date: March 10, 2007 at 22:42:14 Pacific
Reply:

Only 3 spots came up for the Vundo thing, so I pasted the lines on each spot; it said there was no Vundo.


Response Number 12
Name: jabuck
Date: March 11, 2007 at 07:21:16 Pacific
Reply:

And the results from Dr.Web CureIt, please.

