
please help! I have really bad vi


Original Message
Name: fionn000
Date: February 12, 2008 at 15:19:02 Pacific
Subject: please help! I have really bad vi
OS: vista home basic
CPU/Ram: 512mb
Model/Manufacturer: hp pressario f500
Comment:

Please help, I can't remove this virus. It keeps shutting off my desktop and taskbar; the only way to get my desktop back is to open Task Manager and execute explorer, then it comes back for about 2 min, then it goes again. I have scanned with avast antivirus, Spy Sweeper, Spybot, Spyware Doctor, SUPERAntiSpyware and McAfee. None of them found anything, so I did a HijackThis scan, but I don't know what to remove.


Can someone please help.




Response Number 1
Name: jabuck
Date: February 12, 2008 at 17:04:54 Pacific
Reply:

Please post your Hijack This log.



Response Number 2
Name: fionn000
Date: February 13, 2008 at 01:20:41 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:32 AM, on 2/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\StkASv2K.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\mobsync.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{0C3749F0-3280-4DC9-9E00-3007A3668384}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activ...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10565 bytes



Response Number 3
Name: jabuck
Date: February 13, 2008 at 03:21:15 Pacific
Reply:

I don't see anything with HijackThis.

Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running; it may cause your system to hang.)
Please post the log it produces.



Response Number 4
Name: fionn000
Date: February 13, 2008 at 04:22:17 Pacific
Reply:

I think it might be gone. I stopped a program called cmd at startup and I also terminated a process called cmd with Task Manager. Everything seems to be working fine now.


But here's the ComboFix report anyway.


ComboFix 08-02-13.2 - Owner 2008-02-13 12:13:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.379 [GMT 0:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 12:01 . 2008-02-13 12:01 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 12:01 . 2008-02-13 12:01 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 11:55 . 2008-02-13 11:55 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 11:54 . 2008-02-13 11:54 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 11:54 . 2008-02-13 11:54 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 11:51 . 2008-02-13 11:51 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 11:51 . 2008-02-13 11:51 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-13 11:49 . 2008-02-13 11:49 <DIR> d-------- C:\Users\Owner\Cracks
2008-02-13 11:46 . 2008-02-13 11:48 <DIR> d-------- C:\Users\Owner\applications
2008-02-13 11:37 . 2008-02-13 11:37 520 --a------ C:\Owner - Shortcut.lnk
2008-02-13 11:33 . 2008-02-13 11:34 <DIR> d-------- C:\text documents
2008-02-13 09:44 . 2008-02-13 09:44 <DIR> d-------- C:\Users\All Users\TechSmith
2008-02-13 09:44 . 2008-02-13 09:44 <DIR> d-------- C:\ProgramData\TechSmith
2008-02-13 09:44 . 2008-02-13 09:44 <DIR> d-------- C:\Program Files\TechSmith
2008-02-12 16:11 . 2008-02-12 16:11 <DIR> d-------- C:\Users\All Users\PC Tools
2008-02-12 16:11 . 2008-02-12 16:11 <DIR> d-------- C:\ProgramData\PC Tools
2008-02-12 15:32 . 2008-02-13 11:14 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-12 15:32 . 2008-02-13 11:14 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-12 14:06 . 2008-02-13 11:14 <DIR> d-------- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-02-12 14:06 . 2008-02-12 14:06 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-12 14:06 . 2008-02-12 14:06 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-12 14:06 . 2008-02-13 11:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 11:51 . 2008-02-12 11:51 <DIR> d-------- C:\perflogs
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Uniblue
2008-02-11 21:59 . 2008-02-13 11:14 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-11 21:59 . 2008-02-13 11:14 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-11 15:54 . 2008-02-11 15:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:25 . 2006-12-07 15:05 985,600 --a------ C:\Windows\System32\drivers\HSX_DPV.sys
2008-02-10 19:25 . 2006-12-07 15:04 659,968 --a------ C:\Windows\System32\drivers\HSX_CNXT.sys
2008-02-10 19:25 . 2006-11-28 16:44 386,560 --a------ C:\Windows\System32\drivers\XAudio.exe
2008-02-10 19:25 . 2006-12-07 15:04 207,360 --a------ C:\Windows\System32\drivers\HSXHWAZL.sys
2008-02-10 19:25 . 2006-10-18 16:50 144,201 --a------ C:\Windows\System32\drivers\HSFProf.cty
2008-02-10 19:25 . 2006-11-28 16:44 8,192 --a------ C:\Windows\System32\drivers\XAudio.sys
2008-02-10 10:19 . 2008-02-10 18:44 <DIR> d-------- C:\Users\Owner\AppData\Roaming\MSNInstaller
2008-02-07 22:43 . 2007-01-03 11:20 1,732 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-02-07 22:42 . 2008-02-07 22:42 838,094 --a------ C:\Windows\System32\oem33.inf
2008-02-07 22:41 . 2008-02-07 22:41 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-02-07 21:54 . 2008-02-07 21:54 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Leadertech
2008-02-07 21:22 . 2005-04-25 10:43 159,616 --a------ C:\Windows\System32\drivers\Vax347b.sys
2008-02-07 21:22 . 2004-04-30 09:33 5,248 --a------ C:\Windows\System32\drivers\Vax347s.sys
2008-02-03 20:19 . 2008-02-13 00:35 726 --a------ C:\Windows\System32\tversity.cookies
2008-02-03 20:09 . 2008-02-03 20:12 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2008-02-03 20:08 . 2008-02-03 20:08 <DIR> d-------- C:\Program Files\TVersity
2008-02-02 18:09 . 2008-02-13 12:05 16,384 --------- C:\Windows\System32\Ikeext.etl
2008-02-02 17:08 . 2008-02-02 19:30 <DIR> d-------- C:\Program Files\PS3Portal
2008-01-31 18:35 . 2008-01-31 18:35 <DIR> d-------- C:\Program Files\Tracker Checker 2
2008-01-25 18:55 . 2008-01-25 18:55 229,376 --a------ C:\Windows\System32\UCI32A27.dll
2008-01-24 22:40 . 2008-01-24 22:40 <DIR> d-------- C:\Users\Owner\AppData\Roaming\WebCompiler3
2008-01-24 22:09 . 2008-01-24 22:09 <DIR> d-------- C:\Program Files\Yamicsoft
2008-01-19 11:28 . 2008-01-19 11:28 <DIR> d-------- C:\divx
2008-01-14 14:58 . 2008-01-14 14:58 <DIR> d-------- C:\Users\Owner\AppData\Roaming\vlc
2008-01-14 14:57 . 2008-01-14 14:57 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-14 13:46 . 2007-12-04 12:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-14 13:46 . 2007-12-04 14:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-14 13:46 . 2007-12-04 14:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-01-14 13:45 . 2008-01-14 13:45 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-14 13:45 . 2007-12-04 13:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-14 13:45 . 2004-01-09 09:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-14 13:45 . 2007-12-04 14:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-13 23:21 . 2008-01-13 23:21 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-13 23:21 . 2008-01-13 23:21 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-13 23:21 . 2008-01-13 23:21 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-13 20:35 . 2008-01-13 20:35 <DIR> d-------- C:\Windows\WLTB Custom Button Feeds
2008-01-13 20:35 . 2008-01-13 20:35 <DIR> d-------- C:\Windows\__SkypeIEToolbar_Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 11:59 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 11:59 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 11:59 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 11:59 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 11:59 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 11:59 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 11:59 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 11:59 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 11:59 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 11:59 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 11:59 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 11:59 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 11:59 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 11:59 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 11:59 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 11:59 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 11:59 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 11:59 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 11:59 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 11:59 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 11:59 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 11:59 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 11:59 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 11:59 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 11:59 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 11:59 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 11:59 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 11:59 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 11:55 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 11:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 11:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 11:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 11:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 11:55 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 11:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 11:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 11:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 11:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 11:55 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 11:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:52 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:15 --------- d-----w C:\Users\Owner\AppData\Roaming\Azureus
2008-02-13 11:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 16:19 --------- d-----w C:\ProgramData\NVIDIA
2008-02-12 15:38 54,524 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-02-12 14:01 --------- d-----w C:\Program Files\Yahoo!
2008-02-11 15:26 --------- d-----w C:\Users\Owner\AppData\Roaming\Skype
2008-02-11 13:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-10 19:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-10 18:47 --------- d-----w C:\ProgramData\WildTangent
2008-02-10 14:59 --------- d-----w C:\Users\Owner\AppData\Roaming\dvdcss
2008-02-08 23:55 85,504 ----a-w C:\Windows\System32\VACFix.exe
2008-02-08 10:37 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-02-03 14:03 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-03 14:02 --------- d-----w C:\ProgramData\Roxio
2008-02-03 13:55 --------- d-----w C:\Program Files\DivX
2008-01-30 19:41 --------- d-----w C:\Program Files\Java
2008-01-27 16:16 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-01-27 16:16 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-01-24 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 20:40 --------- d-----w C:\Program Files\Roxio
2008-01-24 20:22 --------- d-----w C:\ProgramData\Ulead Systems
2008-01-14 13:38 --------- d-----w C:\ProgramData\WinZip
2008-01-14 13:22 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 23:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-13 22:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 22:55 --------- d-----w C:\ProgramData\Symantec
2008-01-13 22:55 --------- d-----w C:\Program Files\Symantec
2008-01-13 22:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-13 22:30 --------- d-----w C:\Program Files\Google
2008-01-13 20:44 --------- d-----w C:\Program Files\Azureus
2008-01-13 20:33 --------- d-----w C:\Program Files\iTunes
2008-01-13 20:29 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-13 20:04 --------- d-----w C:\Program Files\ICQToolbar
2007-12-22 15:46 --------- d-----w C:\Users\Owner\AppData\Roaming\TuneUp Software
2007-12-22 15:46 --------- d-----w C:\ProgramData\TuneUp Software
2007-12-22 15:37 --------- d-----w C:\ProgramData\Azureus
2007-12-20 01:44 16,640 ----a-w C:\Windows\System32\authuitu.dll
2007-12-20 01:41 29,440 ----a-w C:\Windows\System32\uxtuneup.dll
2007-12-15 18:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-15 18:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-15 18:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-15 18:01 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-15 18:01 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-15 18:01 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-15 18:01 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-11-20 21:46 87,328 ----a-w C:\Windows\System32\bcmwlcoi.dll
2007-11-13 21:01 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 21:01 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 21:01 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 21:01 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 21:01 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 21:01 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 21:01 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 21:01 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 21:01 2,923,520 ----a-w C:\Windows\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 09:45 12288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 17:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 17:32 472800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 18:58 159744]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Owner\AppData\Local\Temp\hgddc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Owner\AppData\Local\Temp\mllki.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"TrackerChecker2"="C:\Program Files\Tracker Checker 2\Tracker Checker 2.exe"
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 StkASSrv;Syntek STK1150 Service;C:\Windows\System32\StkASv2K.exe [2006-05-24 06:49]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-14 16:44]
S2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50]
S3 StkAMini;Syntek STK1150;C:\Windows\system32\Drivers\StkAMini.sys [2006-09-27 03:01]
S3 StkScan;Syntek STK1150 Filter Driver;C:\Windows\system32\Drivers\StkScan.sys [2006-08-02 06:44]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-01-27 16:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 15:46:31 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-31 13:10:10 C:\Windows\Tasks\HPCeeScheduleForOwner.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-02-12 22:50:36 C:\Windows\Tasks\User_Feed_Synchronization-{0C3749F0-3280-4DC9-9E00-3007A3668384}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 12:16:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 12:17:48
.
2008-02-13 12:01:17 --- E O F ---



Response Number 5
Name: jabuck
Date: February 13, 2008 at 15:04:05 Pacific
Reply:

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Users\Owner\AppData\Local\Temp\mllki.exe
C:\Users\Owner\AppData\Local\Temp\hgddc.dll

Registry::
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto-start, click "Run".

Post a new Combofix log.


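The two entries jabuck picked out of the ComboFix log in Response 4 are the msconfig "startupreg" items whose targets sit in C:\Users\Owner\AppData\Local\Temp, a location nothing legitimate auto-starts from. As an added example (not code from this thread, from ComboFix or from HijackThis), the Python script below reads the "Reg Loading Points" section of such a log, flags every autostart target that lives in a temp directory or lacks an executable extension, and renders the File:: block in the shape of the CFScript above. The excerpt it parses is constructed from lines of the posted log, trimmed to five entries; the function names and the two flagging rules are my own choices, not ComboFix's.

```python
import re

# Extensions one expects on a legitimately auto-started binary (my list, not ComboFix's).
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}
# Directory names that autostart targets normally never live in.
TEMP_DIR_NAMES = {"temp", "tmp"}

# A "[HKEY_...]" header line of the ComboFix registry section.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# First Windows path on a line: drive letter, colon, backslash, then up to a quote or bracket.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*")

# Constructed excerpt: a few lines taken from the "Reg Loading Points" section
# of the ComboFix log posted in Response 4 (trimmed, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Owner\AppData\Local\Temp\hgddc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Owner\AppData\Local\Temp\mllki.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"""


def parse_loading_points(text):
    """Return (registry key, target path) pairs from a ComboFix 'Reg Loading Points' excerpt."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        path_match = PATH_RE.search(line)
        if path_match and current_key is not None:
            entries.append((current_key, path_match.group(0).strip()))
    return entries


def split_name_and_ext(path):
    """File name and its lower-cased extension ('' if none) from a Windows path."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot >= 0 else ""
    return name, ext


def triage(entries):
    """Flag autostart targets that sit in a temp directory or lack an executable extension."""
    findings = []
    for key, path in entries:
        parts = [p.lower() for p in path.split("\\")]
        _, ext = split_name_and_ext(path)
        reasons = []
        if any(p in TEMP_DIR_NAMES for p in parts[:-1]):
            reasons.append("target is in a temp directory")
        if ext not in EXEC_EXTENSIONS:
            # Catches truncated names such as "mllki." (extension is just a dot).
            reasons.append("target lacks an executable extension (found %r)" % ext)
        if reasons:
            findings.append({"key": key, "path": path, "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Render the File:: block of a ComboFix CFScript listing the flagged paths."""
    return "File::\n" + "\n".join(f["path"] for f in findings) + "\n"


if __name__ == "__main__":
    findings = triage(parse_loading_points(SAMPLE_LOG))
    for f in findings:
        print(f["key"].rsplit("\\", 1)[-1], "->", f["path"], ";", "; ".join(f["reasons"]))
    print(build_cfscript(findings))
```

Run as-is, the script flags only the two Temp entries; the Synaptics, avast! and Java items pass both rules. Note that the posted log line reads `mllki.` with no extension, so the script reports it as "found '.'" rather than guessing; confirm the real file name on disk before it goes into a CFScript.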


Response Number 6
Name: fionn000
Date: February 14, 2008 at 09:49:22 Pacific
Reply:

ComboFix 08-02-14.3 - Owner 2008-02-14 17:35:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.228 [GMT 0:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Users\Owner\Desktop\CFScript.txt

FILE
C:\Users\Owner\AppData\Local\Temp\hgddc.dll
C:\Users\Owner\AppData\Local\Temp\mllki.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 13:34 . 2008-02-14 13:38 <DIR> d-------- C:\Users\Owner\Incomplete
2008-02-14 13:34 . 2008-02-14 13:40 <DIR> d-------- C:\Users\Owner\AppData\Roaming\LimeWire
2008-02-14 13:33 . 2008-02-14 13:33 <DIR> d-------- C:\Program Files\LimeWire
2008-02-13 13:54 . 2008-02-13 13:54 <DIR> d-------- C:\Windows\LastGood
2008-02-13 12:01 . 2008-02-13 12:01 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 12:01 . 2008-02-13 12:01 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 11:55 . 2008-02-13 11:55 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 11:54 . 2008-02-13 11:54 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 11:54 . 2008-02-13 11:54 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 11:51 . 2008-02-13 11:51 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 11:51 . 2008-02-13 11:51 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-13 11:49 . 2008-02-13 11:49 <DIR> d-------- C:\Users\Owner\Cracks
2008-02-13 11:46 . 2008-02-13 23:11 <DIR> d-------- C:\Users\Owner\applications
2008-02-13 11:37 . 2008-02-13 11:37 520 --a------ C:\Owner - Shortcut.lnk
2008-02-13 11:33 . 2008-02-13 12:59 <DIR> d-------- C:\text documents
2008-02-13 09:44 . 2008-02-13 09:44 <DIR> d-------- C:\Users\All Users\TechSmith
2008-02-13 09:44 . 2008-02-13 09:44 <DIR> d-------- C:\ProgramData\TechSmith
2008-02-13 09:44 . 2008-02-13 09:44 <DIR> d-------- C:\Program Files\TechSmith
2008-02-12 16:11 . 2008-02-12 16:11 <DIR> d-------- C:\Users\All Users\PC Tools
2008-02-12 16:11 . 2008-02-12 16:11 <DIR> d-------- C:\ProgramData\PC Tools
2008-02-12 15:32 . 2008-02-13 11:14 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-12 15:32 . 2008-02-13 11:14 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-12 14:06 . 2008-02-13 11:14 <DIR> d-------- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-02-12 14:06 . 2008-02-12 14:06 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-12 14:06 . 2008-02-12 14:06 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-12 14:06 . 2008-02-13 11:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 11:51 . 2008-02-12 11:51 <DIR> d-------- C:\perflogs
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Uniblue
2008-02-11 21:59 . 2008-02-13 11:14 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-11 21:59 . 2008-02-13 11:14 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-11 15:54 . 2008-02-11 15:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:25 . 2006-12-07 15:05 985,600 --a------ C:\Windows\System32\drivers\HSX_DPV.sys
2008-02-10 19:25 . 2006-12-07 15:04 659,968 --a------ C:\Windows\System32\drivers\HSX_CNXT.sys
2008-02-10 19:25 . 2006-11-28 16:44 386,560 --a------ C:\Windows\System32\drivers\XAudio.exe
2008-02-10 19:25 . 2006-12-07 15:04 207,360 --a------ C:\Windows\System32\drivers\HSXHWAZL.sys
2008-02-10 19:25 . 2006-10-18 16:50 144,201 --a------ C:\Windows\System32\drivers\HSFProf.cty
2008-02-10 19:25 . 2006-11-28 16:44 8,192 --a------ C:\Windows\System32\drivers\XAudio.sys
2008-02-10 10:19 . 2008-02-10 18:44 <DIR> d-------- C:\Users\Owner\AppData\Roaming\MSNInstaller
2008-02-07 22:43 . 2007-01-03 11:20 1,732 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-02-07 22:42 . 2008-02-07 22:42 838,094 --a------ C:\Windows\System32\oem33.inf
2008-02-07 22:41 . 2008-02-07 22:41 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-02-07 21:54 . 2008-02-07 21:54 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Leadertech
2008-02-07 21:22 . 2005-04-25 10:43 159,616 --a------ C:\Windows\System32\drivers\Vax347b.sys
2008-02-07 21:22 . 2004-04-30 09:33 5,248 --a------ C:\Windows\System32\drivers\Vax347s.sys
2008-02-03 20:08 . 2008-02-03 20:08 <DIR> d-------- C:\Program Files\TVersity
2008-02-02 18:09 . 2008-02-13 12:05 16,384 --------- C:\Windows\System32\Ikeext.etl
2008-02-02 17:08 . 2008-02-02 19:30 <DIR> d-------- C:\Program Files\PS3Portal
2008-01-31 18:35 . 2008-01-31 18:35 <DIR> d-------- C:\Program Files\Tracker Checker 2
2008-01-25 18:55 . 2008-01-25 18:55 229,376 --a------ C:\Windows\System32\UCI32A27.dll
2008-01-24 22:40 . 2008-01-24 22:40 <DIR> d-------- C:\Users\Owner\AppData\Roaming\WebCompiler3
2008-01-24 22:09 . 2008-01-24 22:09 <DIR> d-------- C:\Program Files\Yamicsoft
2008-01-19 11:28 . 2008-01-19 11:28 <DIR> d-------- C:\divx
2008-01-14 14:58 . 2008-01-14 14:58 <DIR> d-------- C:\Users\Owner\AppData\Roaming\vlc
2008-01-14 14:57 . 2008-01-14 14:57 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-14 13:46 . 2007-12-04 12:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-14 13:46 . 2007-12-04 14:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-14 13:46 . 2007-12-04 14:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-01-14 13:45 . 2008-01-14 13:45 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-14 13:45 . 2007-12-04 13:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-14 13:45 . 2004-01-09 09:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-14 13:45 . 2007-12-04 14:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 17:38 --------- d-----w C:\Users\Owner\AppData\Roaming\Azureus
2008-02-13 13:06 --------- d-----w C:\Program Files\Google
2008-02-13 11:59 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 11:59 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 11:59 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 11:59 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 11:59 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 11:59 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 11:59 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 11:59 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 11:59 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 11:59 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 11:59 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 11:59 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 11:59 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 11:59 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 11:59 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 11:59 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 11:59 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 11:59 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 11:59 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 11:59 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 11:59 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 11:59 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 11:59 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 11:59 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 11:59 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 11:59 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 11:59 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 11:59 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 11:55 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 11:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 11:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 11:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 11:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 11:55 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 11:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 11:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 11:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 11:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 11:55 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 11:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:52 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 16:19 --------- d-----w C:\ProgramData\NVIDIA
2008-02-12 15:38 54,524 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-02-12 14:01 --------- d-----w C:\Program Files\Yahoo!
2008-02-11 15:26 --------- d-----w C:\Users\Owner\AppData\Roaming\Skype
2008-02-11 13:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-10 19:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-10 18:47 --------- d-----w C:\ProgramData\WildTangent
2008-02-10 14:59 --------- d-----w C:\Users\Owner\AppData\Roaming\dvdcss
2008-02-08 23:55 85,504 ----a-w C:\Windows\System32\VACFix.exe
2008-02-08 10:37 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-02-03 14:03 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-03 14:02 --------- d-----w C:\ProgramData\Roxio
2008-02-03 13:55 --------- d-----w C:\Program Files\DivX
2008-01-30 19:41 --------- d-----w C:\Program Files\Java
2008-01-27 16:16 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-01-27 16:16 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-01-24 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 20:40 --------- d-----w C:\Program Files\Roxio
2008-01-24 20:22 --------- d-----w C:\ProgramData\Ulead Systems
2008-01-14 13:38 --------- d-----w C:\ProgramData\WinZip
2008-01-14 13:22 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 23:21 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 23:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-13 23:21 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-13 23:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-13 22:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 22:55 --------- d-----w C:\ProgramData\Symantec
2008-01-13 22:55 --------- d-----w C:\Program Files\Symantec
2008-01-13 22:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-13 20:44 --------- d-----w C:\Program Files\Azureus
2008-01-13 20:33 --------- d-----w C:\Program Files\iTunes
2008-01-13 20:29 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-13 20:04 --------- d-----w C:\Program Files\ICQToolbar
2007-12-22 15:46 --------- d-----w C:\Users\Owner\AppData\Roaming\TuneUp Software
2007-12-22 15:46 --------- d-----w C:\ProgramData\TuneUp Software
2007-12-22 15:37 --------- d-----w C:\ProgramData\Azureus
2007-12-20 01:44 16,640 ----a-w C:\Windows\System32\authuitu.dll
2007-12-20 01:41 29,440 ----a-w C:\Windows\System32\uxtuneup.dll
2007-12-15 18:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-15 18:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-15 18:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-15 18:01 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-15 18:01 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-15 18:01 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-15 18:01 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-11-20 21:46 87,328 ----a-w C:\Windows\System32\bcmwlcoi.dll
2007-09-03 01:27 174 --sha-w C:\Program Files\desktop.ini
2007-07-12 22:06 0 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 09:45 12288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 17:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 17:32 472800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 18:58 159744]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Owner\AppData\Local\Temp\hgddc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Owner\AppData\Local\Temp\mllki.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"TrackerChecker2"="C:\Program Files\Tracker Checker 2\Tracker Checker 2.exe"
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 StkASSrv;Syntek STK1150 Service;C:\Windows\System32\StkASv2K.exe [2006-05-24 06:49]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-14 16:44]
S2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50]
S3 StkAMini;Syntek STK1150;C:\Windows\system32\Drivers\StkAMini.sys [2006-09-27 03:01]
S3 StkScan;Syntek STK1150 Filter Driver;C:\Windows\system32\Drivers\StkScan.sys [2006-08-02 06:44]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-01-27 16:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 15:46:31 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-31 13:10:10 C:\Windows\Tasks\HPCeeScheduleForOwner.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-02-14 17:25:22 C:\Windows\Tasks\User_Feed_Synchronization-{0C3749F0-3280-4DC9-9E00-3007A3668384}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 17:39:03
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 17:40:22
.
2008-02-13 13:43:21 --- E O F ---


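The two entries the log above turns up (startupreg\cmds and startupreg\MSServer) share one tell: an autostart target living under the user's Temp folder. The script below is an added example written for this thread, not ComboFix's own code or anything posted in it; it parses the "Reg Loading Points" section of a ComboFix log, flags every target under a temporary directory, and prints the matching `[-KEY]` lines in the CFScript form used later in the thread. The log excerpt inside it is a constructed sample modelled on the posted log.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for autostart
entries launched from a temporary directory. Example code, not part of ComboFix."""
import re
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the log in Response Number 6: the key names
# and the two Temp paths mirror that log, the remaining lines are sample data.
SAMPLE_LOG = r"""((((((((((((((((( Reg Loading Points )))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Owner\AppData\Local\Temp\hgddc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Owner\AppData\Local\Temp\mllki.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
Contents of the 'Scheduled Tasks' folder
"""

KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...] block header
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+')   # drive path up to a quote/bracket
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\programdata\\temp\\", "\\windows\\temp\\")

def parse_loading_points(log_text: str) -> List[Tuple[Optional[str], str]]:
    """Return (registry key, target path) pairs; key is None for R*/S* service
    lines. A truncated target such as 'mllki.' (as in the log) is kept as written."""
    entries, in_section, key = [], False, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Contents of the") or line.startswith("****"):
            break                       # end of the section
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
        elif not line:
            key = None                  # a blank line closes the key block
        else:
            entries.extend((key, p.strip()) for p in PATH_RE.findall(line))
    return entries

def is_temp_path(path: str) -> bool:
    return any(marker in path.lower() for marker in TEMP_MARKERS)

def find_temp_autostarts(log_text: str) -> List[Tuple[Optional[str], str]]:
    """Only the entries whose target sits in a temporary directory."""
    return [(k, p) for k, p in parse_loading_points(log_text) if is_temp_path(p)]

def cfscript_for(keys: List[str]) -> str:
    """Registry:: block deleting whole keys, the [-KEY] form used in Response 7."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)
```

Running `cfscript_for([k for k, _ in find_temp_autostarts(SAMPLE_LOG) if k])` on the sample yields exactly the two `[-...cmds]` and `[-...MSServer]` lines; anything it flags in a real log still deserves a look by hand, since a legitimate installer occasionally stages a helper in Temp.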

Response Number 7
Name: jabuck
Date: February 14, 2008 at 17:54:00 Pacific
Reply:

Open Notepad and copy/paste everything between the X's into it, and make sure "Registry::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Go to Start > Run and type in combofix /u; this will remove ComboFix from the computer.

How is your computer operating?



Response Number 8
Name: fionn000
Date: February 15, 2008 at 02:48:28 Pacific
Reply:

everything is working fine thanks



Response Number 9
Name: jabuck
Date: February 15, 2008 at 03:24:04 Pacific
Reply:

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.



Response Number 10
Name: fionn000
Date: February 15, 2008 at 06:50:24 Pacific
Reply:

thanks so much this helped


