WiredWX Hobby Weather Tools

Unknown Virus

Hello,
Recently a family member notified me about a virus on their computer and asked me to help. The problem is that whenever I boot up my computer it reaches the login screen, I input the password, and then it loads up one folder window but the background is black. I need to use Task Manager to run a new task, and in the "run" box I need to put "explorer" in order to load up my desktop. However, after that everything else runs fine (from what I'm told). All the programs work and the computer runs smoothly. I just downloaded MBAM and tried updating but got an error, so instead I'm just running the quick scan and will accompany this post with the logs later.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/28/2009 11:13:52 AM
mbam-log-2009-12-28 (11-13-52).txt

Scan type: Quick Scan
Objects scanned: 100463
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Windows\essledv.exe (Spyware.Passwords) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe ahwa.ulo xgkfbr) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\essledv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\System32\ahwa.ulo (Backdoor.Bot) -> Quarantined and deleted successfully.
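The Winlogon entry in the MBAM log above is the persistence mechanism behind the symptom in the first post. Windows starts whatever HKLM\...\Winlogon\Shell names at every logon; the value had been changed from explorer.exe to "explorer.exe rundll32.exe ahwa.ulo xgkfbr", so Explorer was no longer started as the bare desktop shell (which matches the single folder window and black background described), and the extra tokens point rundll32 at the dropped ahwa.ulo that MBAM flagged as Backdoor.Bot. The second "Registry Data Item", SHOWALL\CheckedValue set to 0, stops "Show hidden files" from being enabled in Folder Options, which keeps the dropped files out of sight. The following Python is an added example written for this page, not code from the thread or from Malwarebytes: it audits those two values the way the scanner did, using the reported bad values as constructed input so it runs anywhere, plus a small winreg reader (Windows only, and an assumption rather than something the sample exercises) for checking a live machine.

```python
"""Audit the Winlogon Shell and Explorer SHOWALL values for the hijack
pattern in the MBAM log above. Added example; not code from the thread
or from Malwarebytes."""
import re
import sys

EXPECTED_SHELL = "explorer.exe"   # Vista/7 default, compared case-insensitively
EXPECTED_SHOWALL_CHECKED = 1      # 1 = "Show hidden files" can be turned on

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SHOWALL_KEY = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
               r"\Advanced\Folder\Hidden\SHOWALL")

# Constructed input: the values exactly as MBAM reported them above.
REPORTED_BAD_SHELL = "explorer.exe rundll32.exe ahwa.ulo xgkfbr"
REPORTED_BAD_SHOWALL = 0


def split_shell(value: str) -> list[str]:
    """Tokenise a Shell value. Winlogon accepts a comma-separated list of
    programs; the infection above simply appended space-separated tokens,
    so split on both. Quoted paths containing spaces would need a real
    tokeniser; the hijack on this page did not use any."""
    return [t for t in re.split(r"[,\s]+", value.strip()) if t]


def audit_winlogon(shell: str, showall_checked: int) -> list[str]:
    """Return human-readable findings; an empty list means both values are clean."""
    findings = []
    tokens = split_shell(shell)
    if not tokens or tokens[0].lower() != EXPECTED_SHELL:
        findings.append(f"Shell does not start with {EXPECTED_SHELL}: {shell!r}")
    # Anything other than explorer.exe itself is launched or handed along at logon.
    extra = [t for t in tokens if t.lower() != EXPECTED_SHELL]
    if extra:
        findings.append("Shell carries extra programs/arguments: " + " ".join(extra))
    if showall_checked != EXPECTED_SHOWALL_CHECKED:
        findings.append(f"SHOWALL\\CheckedValue is {showall_checked}; should be 1 "
                        "(hidden files cannot be shown from Folder Options)")
    return findings


def read_live_values() -> tuple[str, int]:
    """Read the same two values from the local registry. Windows only;
    assumption: run on the machine under investigation."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        shell, _ = winreg.QueryValueEx(key, "Shell")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SHOWALL_KEY) as key:
        checked, _ = winreg.QueryValueEx(key, "CheckedValue")
    return shell, int(checked)


if __name__ == "__main__":
    if sys.platform == "win32":
        shell, checked = read_live_values()
    else:
        shell, checked = REPORTED_BAD_SHELL, REPORTED_BAD_SHOWALL
    for line in audit_winlogon(shell, checked) or ["clean"]:
        print(line)
```

On the infected values the audit reports the three appended tokens and the CheckedValue flip; on a clean Vista machine it reports nothing. A per-user Shell value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is honoured as well, so on a live box read that key the same way, and treat any Shell that is not just explorer.exe as something to explain before assuming the scanner caught everything.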

Re: Unknown Virus

After I ran MBAM and restarted my computer as I was prompted to do, my computer booted up correctly after the login screen. Here is the HijackThis log after I did a scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:24 AM, on 12/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 6772 bytes

Re: Unknown Virus

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

Re: Unknown Virus

I only received one long log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Eric at 12:23:40.30 on Mon 12/28/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.812 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k none
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Heroes of Newerth\hon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Eric\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\xcqc4kti.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\eric\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-12-6 81920]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-24 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-24 234888]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-2-19 27648]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-5-6 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-6 112128]
S2 kysedsifo;hzfrfwiv;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]

=============== Created Last 30 ================

2009-12-28 19:27:14 0 d-----w- c:\program files\Trend Micro
2009-12-28 19:15:04 4096 ----a-w- c:\windows\system32\05B1B.tmp
2009-12-28 19:09:01 0 d-----w- c:\users\eric\appdata\roaming\Malwarebytes
2009-12-28 19:08:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 19:08:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 19:08:57 0 d-----w- c:\programdata\Malwarebytes
2009-12-28 19:08:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 19:04:11 4096 ----a-w- c:\windows\system32\05B0A.tmp
2009-12-28 17:16:19 4096 ----a-w- c:\windows\system32\05994.tmp
2009-12-28 17:00:06 4096 ----a-w- c:\windows\system32\07898.tmp
2009-12-28 16:51:28 4096 ----a-w- c:\windows\system32\07ABA.tmp
2009-12-28 05:34:55 4096 ----a-w- c:\windows\system32\09CBB.tmp
2009-12-21 00:00:12 4096 ----a-w- c:\windows\system32\09C2F.tmp
2009-12-17 16:48:08 4096 ----a-w- c:\windows\system32\0A13D.tmp
2009-12-15 05:55:29 4096 ----a-w- c:\windows\system32\09F4A.tmp
2009-12-14 02:32:48 0 d-----w- c:\users\eric\appdata\roaming\mIRC
2009-12-14 02:32:48 0 d-----w- c:\program files\mIRC
2009-12-11 06:36:22 4096 ----a-w- c:\windows\system32\099CE.tmp
2009-12-09 08:26:32 4096 ----a-w- c:\windows\system32\06A6D.tmp
2009-12-08 11:24:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-08 11:06:47 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-12-08 11:06:47 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-12-08 11:06:47 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-12-08 11:06:47 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2009-12-08 11:06:47 11264 ----a-w- c:\windows\system32\icardres.dll
2009-12-08 11:06:47 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-08 11:06:46 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-12-08 11:06:45 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-12-08 11:02:42 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-12-08 11:02:40 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-12-08 11:02:40 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-12-08 11:02:35 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-12-08 11:02:33 83968 ----a-w- c:\windows\system32\mscories.dll
2009-12-08 03:50:38 0 d-----w- c:\program files\Ventrilo
2009-12-08 03:50:37 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-12-08 03:49:58 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-07 17:11:18 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-07 17:11:16 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-12-07 17:11:09 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-12-07 16:49:53 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-12-07 16:49:52 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-07 16:49:47 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-07 16:49:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-12-07 16:49:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-12-07 16:49:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-12-07 16:49:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-12-07 16:49:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-12-07 16:49:46 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-07 16:49:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-12-07 16:49:46 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-12-07 16:49:46 10240 ----a-w- c:\windows\system32\finger.exe
2009-12-07 16:47:10 71680 ----a-w- c:\windows\system32\atl.dll
2009-12-07 16:47:08 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-12-07 16:47:04 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 16:47:04 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:46:35 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-12-07 16:46:35 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-12-07 16:46:30 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-07 16:46:22 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-07 16:46:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-07 16:46:15 269312 ----a-w- c:\windows\system32\es.dll
2009-12-07 16:46:12 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-12-07 16:46:10 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-12-07 16:46:07 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-12-07 16:44:45 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-12-07 16:43:58 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-12-07 16:42:41 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-12-07 16:42:41 94720 ----a-w- c:\windows\system32\logagent.exe
2009-12-07 16:42:29 90112 ----a-w- c:\windows\system32\wshext.dll
2009-12-07 16:42:29 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-07 16:42:29 155648 ----a-w- c:\windows\system32\wscript.exe
2009-12-07 16:42:29 135168 ----a-w- c:\windows\system32\wshom.ocx
2009-12-07 16:42:28 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-12-07 16:42:28 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-12-07 16:42:28 135168 ----a-w- c:\windows\system32\cscript.exe
2009-12-06 21:56:22 20 --sh--w- c:\users\eric\ntuser.ini
2009-12-06 21:37:40 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-06 21:23:43 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-06 21:23:40 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-06 21:23:37 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-06 21:23:37 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-06 21:21:00 0 d-----w- c:\windows\system32\RTCOM
2009-12-06 21:12:59 87040 ----a-w- c:\windows\system32\AERTARen.dll
2009-12-06 21:11:34 0 d-----w- c:\windows\system32\OEM
2009-12-06 21:11:33 22 ---ha-r- c:\windows\dell_version
2009-12-06 21:05:36 0 d--h--w- C:\$WINDOWS.~Q
2009-12-06 21:03:20 0 d--h--w- C:\$INPLACE.~TR
2009-12-06 20:59:50 8192 --s-a-r- C:\BOOTSECT.BAK
2009-12-06 20:38:08 1887 ----a-w- c:\windows\diagwrn.xml
2009-12-06 20:38:08 1887 ----a-w- c:\windows\diagerr.xml
2009-12-06 02:29:21 4096 ----a-w- c:\windows\system32\0FC86.tmp
2009-12-05 01:50:12 4096 ----a-w- c:\windows\system32\0CA80.tmp
2009-12-02 16:21:37 65536 ----a-w- c:\windows\IFinst27.exe
2009-12-02 02:37:46 4096 ----a-w- c:\windows\system32\08E0C.tmp
2009-11-30 18:45:28 4096 ----a-w- c:\windows\system32\09EDD.tmp
2009-11-30 16:17:16 4096 ----a-w- c:\windows\system32\0AB2C.tmp
2009-11-30 16:14:10 4096 ----a-w- c:\windows\system32\087AB.tmp
2009-11-30 11:15:38 0 ----a-w- c:\users\eric\.recently-used.xbel.7WZ43U
2009-11-30 07:20:01 4096 ----a-w- c:\windows\system32\09D19.tmp
2009-11-30 04:16:33 4096 ----a-w- c:\windows\system32\06AA9.tmp
2009-11-29 03:22:39 4096 ----a-w- c:\windows\system32\0778F.tmp
2009-11-29 02:25:21 4096 ----a-w- c:\windows\system32\0C122.tmp

==================== Find3M ====================

2009-12-08 11:46:27 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-08 11:46:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-08 11:46:27 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-08 11:46:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-28 01:30:52 4096 ----a-w- c:\windows\system32\07DE5.tmp
2009-11-26 06:10:17 4096 ----a-w- c:\windows\system32\08EC7.tmp
2009-11-24 07:24:47 4096 ----a-w- c:\windows\system32\0A266.tmp
2009-11-23 01:04:20 4096 ----a-w- c:\windows\system32\0CF3F.tmp
2009-11-21 04:56:23 4096 ----a-w- c:\windows\system32\0821A.tmp
2009-11-20 19:14:37 4096 ----a-w- c:\windows\system32\0F085.tmp
2009-11-20 01:31:02 4096 ----a-w- c:\windows\system32\0B309.tmp
2009-11-19 22:19:59 4096 ----a-w- c:\windows\system32\022EA.tmp
2009-11-19 03:57:18 4096 ----a-w- c:\windows\system32\0BB34.tmp
2009-11-18 01:46:51 4096 ----a-w- c:\windows\system32\097FA.tmp
2009-11-17 03:08:24 4096 ----a-w- c:\windows\system32\09CAB.tmp
2009-11-16 03:30:39 4096 ----a-w- c:\windows\system32\08F82.tmp
2009-11-14 04:44:56 4096 ----a-w- c:\windows\system32\05B1A.tmp
2009-11-13 04:14:55 4096 ----a-w- c:\windows\system32\07CDD.tmp
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-13 08:49:05 161768 --sha-r- c:\windows\system32\ehohhje.dll
2009-02-19 18:32:32 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:24:27.10 ===============
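The DDS output above is where the remaining leads sit: a service named kysedsifo with display name hzfrfwiv registered as svchost.exe -k netsvcs (for a svchost-hosted service the actual code is a ServiceDll that DDS does not print), a hidden+system ehohhje.dll in system32 timestamped 2009-02-13, months before the install date the second log reports, and a long run of 4096-byte .tmp files dropped into system32 almost daily. The script below is an added example written for this page, not DDS, ComboFix or MBAM code; it parses the DDS service and file-listing line formats and applies those three heuristics to a constructed excerpt of the log above. Matches are things to resolve by hand, not verdicts: DDS normally omits default Microsoft services, so a svchost-hosted entry in that list is unusual but not proof on its own. The same checks apply by eye to the O23 service lines in the HijackThis log earlier in the thread.

```python
"""Triage the DDS "SERVICES / DRIVERS" and file-listing sections.
Added example for this page; not DDS, ComboFix or MBAM code."""
import re
from collections import Counter

# DDS line formats as printed in the log above:
#   R2 Name;Display Name;c:\path\image.exe [2009-12-6 81920]
#   2009-12-28 19:15:04 4096 ----a-w- c:\windows\system32\05B1B.tmp
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S{8})\s+(.+?)\s*$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.I)

# R = running, S = stopped; the digit is the service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_services(lines):
    """One dict per R*/S* service line."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image = m.groups()
            services.append({"name": name, "display": display, "image": image,
                             "running": state == "R",
                             "start": START_TYPES.get(start, start)})
    return services


def parse_files(lines):
    """One dict per file-listing line (Created Last 30 / Find3M)."""
    files = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            stamp, size, attrs, path = m.groups()
            files.append({"time": stamp, "size": int(size), "attrs": attrs, "path": path})
    return files


def triage(log_text, tmp_burst=3):
    """Apply the three heuristics and return a list of finding strings."""
    lines = log_text.splitlines()
    findings = []

    # 1. svchost-hosted services: the code lives in Parameters\ServiceDll,
    #    which DDS does not show, so the entry has to be resolved by hand.
    for svc in parse_services(lines):
        m = SVCHOST_RE.search(svc["image"])
        if m:
            findings.append(
                f"service {svc['name']} ({svc['display']!r}) is svchost-hosted in group "
                f"{m.group(1)}, {svc['start']}-start, "
                f"{'running' if svc['running'] else 'stopped'}: resolve "
                f"HKLM\\SYSTEM\\CurrentControlSet\\Services\\{svc['name']}\\Parameters\\ServiceDll")

    files = parse_files(lines)
    in_sys32 = [f for f in files if "\\system32\\" in f["path"].lower()]

    # 2. hidden+system attributes on a file in system32 ('s' and 'h' in the DDS attrs).
    for f in in_sys32:
        if "s" in f["attrs"] and "h" in f["attrs"]:
            findings.append(f"hidden+system file in system32: {f['path']} "
                            f"({f['size']} bytes, attrs {f['attrs']}, {f['time']})")

    # 3. a burst of same-sized *.tmp files in system32.
    tmps = [f for f in in_sys32 if f["path"].lower().endswith(".tmp")]
    for size, n in Counter(f["size"] for f in tmps).items():
        if n >= tmp_burst:
            example = next(f["path"] for f in tmps if f["size"] == size)
            findings.append(f"{n} x {size}-byte .tmp files dropped in system32 (e.g. {example})")
    return findings


# Constructed excerpt of the DDS log above (lines copied verbatim, benign entries kept
# so the heuristics have something to pass over).
SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-12-6 81920]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-24 464264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-6 112128]
S2 kysedsifo;hzfrfwiv;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]

=============== Created Last 30 ================

2009-12-28 19:15:04 4096 ----a-w- c:\windows\system32\05B1B.tmp
2009-12-28 19:04:11 4096 ----a-w- c:\windows\system32\05B0A.tmp
2009-12-28 17:16:19 4096 ----a-w- c:\windows\system32\05994.tmp
2009-12-08 11:24:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-06 21:11:33 22 ---ha-r- c:\windows\dell_version
2009-12-06 20:59:50 8192 --s-a-r- C:\BOOTSECT.BAK

==================== Find3M ====================

2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2009-02-13 08:49:05 161768 --sha-r- c:\windows\system32\ehohhje.dll
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the excerpt it reports exactly three things: the stopped auto-start kysedsifo service, ehohhje.dll, and the three 4096-byte .tmp files; the Ask, Andrea and Intel entries and the Dell and boot-sector files pass through untouched. Against the full log the .tmp count is far higher, which is the point of the burst heuristic: one stray temp file in system32 is noise, one a day at the same size is a pattern.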

Re: Unknown Virus

Never mind, here is the second log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/6/2009 1:44:09 PM
System Uptime: 12/28/2009 11:14:41 AM (1 hours ago)

Motherboard: Dell Inc. | | 0P301D
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2495/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 103.563 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.085 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
Bonjour
Business Tools Launcher
Choice Guard
Combined Community Codec Pack 2008-09-21 16:18
Counter-Strike
Dell Getting Started Guide
Dell Support Center
Deluge 1.2.0_rc3
DFOLauncher
EDocs
EternityRO
EZGet
Full Tilt Poker
GTK+ Runtime 2.14.6 rev a (remove only)
GTK2-Runtime
Heroes of Newerth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 7
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.5.6)
MSVCRT
Pando Media Booster
Personal Entertainment Launcher
Pidgin
PowerDVD
Product Support Launcher
QuickTime
Ragnarok Online
Ragnarok Renewal
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sonic CinePlayer Decoder Pack
Starcraft
Steam
Team Fortress 2
TuneUp Companion 1.5.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.0.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Xobni
Xobni Core
Xvid 1.2.2 final uninstall
Yahoo! BrowserPlus

==== End Of File ===========================

Re: Unknown Virus


  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[screenshot: CF_download_FF]

[screenshot: 2aflf5z]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: Unknown Virus

ComboFix 09-12-28.06 - Eric 12/29/2009 9:12.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.1094 [GMT -8:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 17:16 . 2009-12-29 17:16 -------- d-----w- c:\users\Eric\AppData\Local\temp
2009-12-28 19:27 . 2009-12-28 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-28 19:09 . 2009-12-28 19:09 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 19:08 . 2009-12-28 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 19:08 . 2009-12-28 19:08 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 02:39 . 2009-12-17 02:39 2157 ----a-w- c:\users\Eric\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-14 02:32 . 2009-12-14 06:49 -------- d-----w- c:\users\Eric\AppData\Roaming\mIRC
2009-12-14 02:32 . 2009-12-14 02:32 -------- d-----w- c:\program files\mIRC
2009-12-08 11:24 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-08 11:06 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-12-08 11:06 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-12-08 11:06 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-12-08 11:06 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-12-08 11:06 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-12-08 11:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-12-08 11:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-12-08 11:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-12-08 11:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-12-08 11:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Ventrilo
2009-12-08 03:49 . 2009-12-08 03:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-07 17:11 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-07 17:11 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-12-07 17:11 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-12-07 16:49 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-12-07 16:49 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-07 16:49 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-07 16:49 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-07 16:49 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-12-07 16:49 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-12-07 16:49 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-12-07 16:49 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-12-07 16:49 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-12-07 16:49 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-12-07 16:49 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-12-07 16:49 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-12-07 16:47 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-12-07 16:47 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-12-07 16:47 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 16:47 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:46 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-12-07 16:46 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-12-07 16:46 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-07 16:46 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-07 16:46 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-07 16:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-12-07 16:46 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-12-07 16:46 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-12-07 16:44 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-12-07 16:43 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-12-07 16:42 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-12-07 16:42 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-12-07 16:42 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-12-07 16:42 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-07 16:42 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-12-07 16:42 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-12-07 16:42 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-12-07 16:42 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-12-06 22:05 . 2009-12-06 22:05 78440 ----a-w- c:\users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 21:51 . 2009-12-10 00:33 -------- d-----w- c:\windows\Debug
2009-12-06 21:37 . 2009-12-06 21:37 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\users\Default\video
2009-12-06 21:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-06 21:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-06 21:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-06 21:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-06 21:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-06 21:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-06 21:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-06 21:23 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-06 21:23 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-06 21:21 . 2009-12-06 21:21 -------- d-----w- c:\windows\system32\RTCOM
2009-12-06 21:12 . 2008-08-19 06:19 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\windows\system32\OEM
2009-12-06 21:05 . 2009-12-06 21:05 -------- d-----w- C:\$WINDOWS.~Q
2009-12-06 21:03 . 2009-12-06 21:03 -------- d-----w- C:\$INPLACE.~TR
2009-12-06 20:41 . 2009-12-06 20:41 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2009-12-02 16:21 . 2009-12-03 07:52 65536 ----a-w- c:\windows\IFinst27.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 17:10 . 2009-03-15 05:46 -------- d-----w- c:\program files\Steam
2009-12-29 17:10 . 2009-12-29 17:10 4096 ----a-w- c:\windows\system32\05EC2.tmp
2009-12-29 17:08 . 2009-03-06 02:25 -------- d-----w- c:\users\Eric\AppData\Roaming\.purple
2009-12-29 16:47 . 2009-10-19 03:59 -------- d-----w- c:\users\Eric\AppData\Roaming\vlc
2009-12-28 19:15 . 2009-12-28 19:15 4096 ----a-w- c:\windows\system32\05B1B.tmp
2009-12-28 19:04 . 2009-12-28 19:04 4096 ----a-w- c:\windows\system32\05B0A.tmp
2009-12-28 17:16 . 2009-12-28 17:16 4096 ----a-w- c:\windows\system32\05994.tmp
2009-12-28 17:00 . 2009-12-28 17:00 4096 ----a-w- c:\windows\system32\07898.tmp
2009-12-28 16:51 . 2009-12-28 16:51 4096 ----a-w- c:\windows\system32\07ABA.tmp
2009-12-28 05:34 . 2009-12-28 05:34 4096 ----a-w- c:\windows\system32\09CBB.tmp
2009-12-21 00:00 . 2009-12-21 00:00 4096 ----a-w- c:\windows\system32\09C2F.tmp
2009-12-18 21:55 . 2009-10-25 20:28 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-17 16:48 . 2009-12-17 16:48 4096 ----a-w- c:\windows\system32\0A13D.tmp
2009-12-15 05:55 . 2009-12-15 05:55 4096 ----a-w- c:\windows\system32\09F4A.tmp
2009-12-14 08:43 . 2009-03-16 03:27 -------- d-----w- c:\users\Eric\AppData\Roaming\Ventrilo
2009-12-11 06:36 . 2009-12-11 06:36 4096 ----a-w- c:\windows\system32\099CE.tmp
2009-12-09 08:26 . 2009-12-09 08:26 4096 ----a-w- c:\windows\system32\06A6D.tmp
2009-12-08 11:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 11:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-06 21:32 . 2009-11-09 16:39 -------- d-----w- c:\users\Eric\AppData\Roaming\NeopleLauncherDFO
2009-12-06 21:32 . 2009-09-22 04:03 -------- d-----w- c:\users\Eric\AppData\Roaming\TuneUpMedia
2009-12-06 21:32 . 2009-10-08 02:44 -------- d-----w- c:\users\Eric\AppData\Roaming\Media Player Classic
2009-12-06 21:32 . 2009-11-24 07:32 -------- d-----w- c:\users\Eric\AppData\Roaming\deluge
2009-12-06 21:32 . 2009-11-12 07:05 -------- d-----w- c:\users\Eric\AppData\Roaming\dvdcss
2009-12-06 21:32 . 2009-03-06 02:26 -------- d-----w- c:\users\Eric\AppData\Roaming\gtk-2.0
2009-12-06 21:32 . 2009-08-25 03:07 -------- d-----w- c:\users\Eric\AppData\Roaming\Azureus
2009-12-06 21:32 . 2009-08-22 07:34 -------- d-----w- c:\users\Eric\AppData\Roaming\CyberLink
2009-12-06 21:32 . 2009-08-20 04:18 -------- d-----w- c:\users\Eric\AppData\Roaming\Apple Computer
2009-12-06 21:27 . 2009-09-22 04:03 -------- d-----w- c:\programdata\TuneUpMedia
2009-12-06 21:27 . 2009-08-20 04:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-12-06 21:27 . 2009-11-09 16:09 -------- d-----w- c:\programdata\NexonUS
2009-12-06 21:27 . 2009-11-09 08:11 -------- d-----w- c:\programdata\PMB Files
2009-12-06 21:27 . 2009-02-19 17:01 -------- d-----w- c:\programdata\SupportSoft
2009-12-06 21:27 . 2009-02-19 17:00 -------- d-----w- c:\programdata\Sonic
2009-12-06 21:25 . 2009-11-09 08:09 -------- d-----w- c:\program files\Pando Networks
2009-12-06 21:24 . 2009-10-20 05:05 -------- d-----w- c:\program files\EZGet
2009-12-06 02:29 . 2009-12-06 02:29 4096 ----a-w- c:\windows\system32\0FC86.tmp
2009-12-05 01:50 . 2009-12-05 01:50 4096 ----a-w- c:\windows\system32\0CA80.tmp
2009-12-02 02:37 . 2009-12-02 02:37 4096 ----a-w- c:\windows\system32\08E0C.tmp
2009-11-30 18:45 . 2009-11-30 18:45 4096 ----a-w- c:\windows\system32\09EDD.tmp
2009-11-30 16:17 . 2009-11-30 16:17 4096 ----a-w- c:\windows\system32\0AB2C.tmp
2009-11-30 16:14 . 2009-11-30 16:14 4096 ----a-w- c:\windows\system32\087AB.tmp
2009-11-30 07:20 . 2009-11-30 07:20 4096 ----a-w- c:\windows\system32\09D19.tmp
2009-11-30 04:16 . 2009-11-30 04:16 4096 ----a-w- c:\windows\system32\06AA9.tmp
2009-11-29 03:22 . 2009-11-29 03:22 4096 ----a-w- c:\windows\system32\0778F.tmp
2009-11-29 02:25 . 2009-11-29 02:25 4096 ----a-w- c:\windows\system32\0C122.tmp
2009-11-28 01:30 . 2009-11-28 01:30 4096 ----a-w- c:\windows\system32\07DE5.tmp
2009-11-26 06:10 . 2009-11-26 06:10 4096 ----a-w- c:\windows\system32\08EC7.tmp
2009-11-24 07:24 . 2009-11-24 07:24 4096 ----a-w- c:\windows\system32\0A266.tmp
2009-11-23 01:04 . 2009-11-23 01:04 4096 ----a-w- c:\windows\system32\0CF3F.tmp
2009-11-21 04:56 . 2009-11-21 04:56 4096 ----a-w- c:\windows\system32\0821A.tmp
2009-11-20 19:14 . 2009-11-20 19:14 4096 ----a-w- c:\windows\system32\0F085.tmp
2009-11-20 01:31 . 2009-11-20 01:31 4096 ----a-w- c:\windows\system32\0B309.tmp
2009-11-19 22:19 . 2009-11-19 22:19 4096 ----a-w- c:\windows\system32\022EA.tmp
2009-11-19 03:57 . 2009-11-19 03:57 4096 ----a-w- c:\windows\system32\0BB34.tmp
2009-11-18 01:46 . 2009-11-18 01:46 4096 ----a-w- c:\windows\system32\097FA.tmp
2009-11-17 03:08 . 2009-11-17 03:08 4096 ----a-w- c:\windows\system32\09CAB.tmp
2009-11-16 03:30 . 2009-11-16 03:30 4096 ----a-w- c:\windows\system32\08F82.tmp
2009-11-14 04:44 . 2009-11-14 04:44 4096 ----a-w- c:\windows\system32\05B1A.tmp
2009-11-13 04:14 . 2009-11-13 04:14 4096 ----a-w- c:\windows\system32\07CDD.tmp
2009-11-09 16:09 . 2009-11-09 16:09 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-09 16:09 . 2009-11-09 16:09 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-09 16:09 . 2009-11-09 16:09 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-09 16:09 . 2009-11-09 16:09 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-09 16:09 . 2009-11-09 16:09 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-09 16:09 . 2009-11-09 16:09 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-03 04:42 . 2009-10-03 17:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 13:41 . 2009-09-22 04:00 174 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\restart.bat
2009-10-02 00:25 . 2009-10-02 00:25 10686001 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-02-13 08:49 . 2009-12-07 16:44 161768 --sha-r- c:\windows\System32\ehohhje.dll
2009-02-19 18:32 . 2009-02-19 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-09 2923192]
"Steam"="c:\program files\steam\steam.exe" [2009-10-25 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/6/2009 1:12 PM 81920]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/24/2009 7:07 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/24/2009 7:07 PM 234888]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [2/19/2009 8:58 AM 27648]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 5:21 PM 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/6/2009 1:13 PM 112128]
S2 kysedsifo;hzfrfwiv;c:\windows\system32\svchost.exe -k netsvcs [1/20/2008 6:33 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kysedsifo
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\xcqc4kti.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Eric\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 09:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kysedsifo]
"ServiceDll"="c:\windows\system32\ehohhje.dll"
.
Completion time: 2009-12-29 09:17:52
ComboFix-quarantined-files.txt 2009-12-29 17:17

Pre-Run: 106,609,393,664 bytes free
Post-Run: 106,621,947,904 bytes free

- - End Of File - - 4029ECBFC0ED7D8C7F7EF9677971F2ED

Re: Unknown Virus
Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    Driver::
    kysedsifo

    File::
    c:\windows\system32\ehohhje.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kysedsifo]

    NetSvc::
    kysedsifo

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
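The triage the reply above does by hand, as an added example (not ComboFix's code and not the helper's): a small Python script that parses the log lines the CFScript targets (the S2 service entry hosted by svchost.exe, its ServiceDll value, the NetSvcs group membership and the --sha-r- attributes on the DLL in the Find3M listing), flags the service, and drafts the same CFScript sections. The sample log is constructed from the lines posted above; the regexes match ComboFix's line shapes only as far as they appear in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: the lines of the log above that matter for this service
# (file attributes, service list, NetSvcs group members, ServiceDll value).
SAMPLE_LOG = r"""
2009-02-13 08:49 . 2009-12-07 16:44 161768 --sha-r- c:\windows\System32\ehohhje.dll
2009-02-19 18:32 . 2009-02-19 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/6/2009 1:12 PM 81920]
S2 kysedsifo;hzfrfwiv;c:\windows\system32\svchost.exe -k netsvcs [1/20/2008 6:33 PM 21504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kysedsifo
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kysedsifo]
"ServiceDll"="c:\windows\system32\ehohhje.dll"
"""

# Line shapes as they appear in the log: file entry, service entry, Services key, ServiceDll.
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?:\d+|-+)\s+(\S{8})\s+(.+)$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\\w+\\Services\\([^\\\]]+))\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)

@dataclass
class Finding:
    name: str
    display: str
    status: str        # R2/S2/... as ComboFix reports it
    key: str           # registry key holding ServiceDll
    service_dll: str   # DLL svchost would load for this service
    attrs: str         # attribute string from the file listing, "" if not listed
    in_netsvcs: bool
    reasons: List[str]

def parse_log(text: str):
    files: Dict[str, str] = {}                      # lowercase path -> attribute string
    services: List[Tuple[str, ...]] = []            # (status, name, display, image)
    service_dlls: Dict[str, Tuple[str, str]] = {}   # lowercase name -> (key, dll)
    netsvcs: Set[str] = set()
    current_key, in_netsvcs_list = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs_list:          # group members follow the "Svchost - NetSvcs" header
            if not line or line == ".":
                in_netsvcs_list = False
            else:
                netsvcs.add(line.lower())
            continue
        if line.lower().endswith("svchost - netsvcs"):
            in_netsvcs_list = True
        elif (m := FILE_RE.match(line)):
            files[m.group(2).lower()] = m.group(1)
        elif (m := SERVICE_RE.match(line)):
            services.append(m.groups())
        elif (m := KEY_RE.match(line)):
            current_key = (m.group(1), m.group(2))
        elif (m := SERVICEDLL_RE.match(line)) and current_key:
            service_dlls[current_key[1].lower()] = (current_key[0], m.group(1))
    return files, services, service_dlls, netsvcs

def looks_random(display: str) -> bool:
    """Crude check for throwaway display names such as 'hzfrfwiv': a single
    lowercase word of six or more letters with fewer than a quarter vowels."""
    if not (display.isalpha() and display.islower() and len(display) >= 6):
        return False
    return sum(c in "aeiou" for c in display) / len(display) < 0.25

def triage(text: str) -> List[Finding]:
    """Flag svchost-hosted services whose ServiceDll is a hidden+system file
    or whose display name looks generated (both hold for kysedsifo above)."""
    files, services, service_dlls, netsvcs = parse_log(text)
    findings: List[Finding] = []
    for status, name, display, image in services:
        if "svchost.exe -k" not in image.lower() or name.lower() not in service_dlls:
            continue
        key, dll = service_dlls[name.lower()]
        attrs = files.get(dll.lower(), "")
        reasons = []
        if "s" in attrs and "h" in attrs:
            reasons.append(f"ServiceDll is hidden+system ({attrs})")
        if looks_random(display):
            reasons.append(f"display name '{display}' looks generated")
        if reasons:
            findings.append(Finding(name, display, status, key, dll, attrs,
                                    name.lower() in netsvcs, reasons))
    return findings

def draft_cfscript(f: Finding) -> str:
    """Draft the CFScript sections from the reply above for one finding: stop the
    service, delete the DLL, delete its Services key, remove it from NetSvcs."""
    lines = ["KILLALL::", "", "Driver::", f.name, "", "File::", f.service_dll,
             "", "Registry::", f"[-{f.key}]"]
    if f.in_netsvcs:
        lines += ["", "NetSvc::", f.name]
    return "\n".join(lines) + "\n"
```

Run `triage(SAMPLE_LOG)` and feed each finding to `draft_cfscript` to reproduce the script above; a legitimate svchost service with a normal, listed DLL and a readable display name produces no finding.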

Re: Unknown Virus
ComboFix 09-12-28.06 - Eric 12/29/2009 10:43:10.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.1162 [GMT -8:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
Command switches used :: c:\users\Eric\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\ehohhje.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ehohhje.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kysedsifo


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 18:46 . 2009-12-29 18:47 -------- d-----w- c:\users\Eric\AppData\Local\temp
2009-12-29 18:46 . 2009-12-29 18:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-29 18:46 . 2009-12-29 18:46 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2009-12-28 19:27 . 2009-12-28 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-28 19:09 . 2009-12-28 19:09 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 19:08 . 2009-12-28 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 19:08 . 2009-12-28 19:08 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 02:39 . 2009-12-17 02:39 2157 ----a-w- c:\users\Eric\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-14 02:32 . 2009-12-14 06:49 -------- d-----w- c:\users\Eric\AppData\Roaming\mIRC
2009-12-14 02:32 . 2009-12-14 02:32 -------- d-----w- c:\program files\mIRC
2009-12-08 11:24 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-08 11:06 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-12-08 11:06 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-12-08 11:06 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-12-08 11:06 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-12-08 11:06 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-12-08 11:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-12-08 11:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-12-08 11:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-12-08 11:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-12-08 11:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Ventrilo
2009-12-08 03:49 . 2009-12-08 03:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-07 17:11 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-07 17:11 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-12-07 17:11 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-12-07 16:49 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-12-07 16:49 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-07 16:49 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-07 16:49 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-07 16:49 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-12-07 16:49 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-12-07 16:49 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-12-07 16:49 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-12-07 16:49 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-12-07 16:49 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-12-07 16:49 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-12-07 16:49 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-12-07 16:47 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-12-07 16:47 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-12-07 16:47 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 16:47 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:46 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-12-07 16:46 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-12-07 16:46 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-07 16:46 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-07 16:46 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-07 16:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-12-07 16:46 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-12-07 16:46 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-12-07 16:44 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-12-07 16:43 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-12-07 16:42 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-12-07 16:42 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-12-07 16:42 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-12-07 16:42 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-07 16:42 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-12-07 16:42 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-12-07 16:42 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-12-07 16:42 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-12-06 22:05 . 2009-12-06 22:05 78440 ----a-w- c:\users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 21:51 . 2009-12-10 00:33 -------- d-----w- c:\windows\Debug
2009-12-06 21:37 . 2009-12-06 21:37 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\users\Default\video
2009-12-06 21:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-06 21:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-06 21:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-06 21:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-06 21:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-06 21:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-06 21:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-06 21:23 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-06 21:23 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-06 21:21 . 2009-12-06 21:21 -------- d-----w- c:\windows\system32\RTCOM
2009-12-06 21:12 . 2008-08-19 06:19 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\windows\system32\OEM
2009-12-06 21:05 . 2009-12-06 21:05 -------- d-----w- C:\$WINDOWS.~Q
2009-12-06 21:03 . 2009-12-06 21:03 -------- d-----w- C:\$INPLACE.~TR
2009-12-06 20:41 . 2009-12-06 20:41 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2009-12-02 16:21 . 2009-12-03 07:52 65536 ----a-w- c:\windows\IFinst27.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 18:48 . 2009-03-15 05:46 -------- d-----w- c:\program files\Steam
2009-12-29 18:42 . 2009-03-06 02:25 -------- d-----w- c:\users\Eric\AppData\Roaming\.purple
2009-12-29 17:10 . 2009-12-29 17:10 4096 ----a-w- c:\windows\system32\05EC2.tmp
2009-12-29 16:47 . 2009-10-19 03:59 -------- d-----w- c:\users\Eric\AppData\Roaming\vlc
2009-12-28 19:15 . 2009-12-28 19:15 4096 ----a-w- c:\windows\system32\05B1B.tmp
2009-12-28 19:04 . 2009-12-28 19:04 4096 ----a-w- c:\windows\system32\05B0A.tmp
2009-12-28 17:16 . 2009-12-28 17:16 4096 ----a-w- c:\windows\system32\05994.tmp
2009-12-28 17:00 . 2009-12-28 17:00 4096 ----a-w- c:\windows\system32\07898.tmp
2009-12-28 16:51 . 2009-12-28 16:51 4096 ----a-w- c:\windows\system32\07ABA.tmp
2009-12-28 05:34 . 2009-12-28 05:34 4096 ----a-w- c:\windows\system32\09CBB.tmp
2009-12-21 00:00 . 2009-12-21 00:00 4096 ----a-w- c:\windows\system32\09C2F.tmp
2009-12-18 21:55 . 2009-10-25 20:28 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-17 16:48 . 2009-12-17 16:48 4096 ----a-w- c:\windows\system32\0A13D.tmp
2009-12-15 05:55 . 2009-12-15 05:55 4096 ----a-w- c:\windows\system32\09F4A.tmp
2009-12-14 08:43 . 2009-03-16 03:27 -------- d-----w- c:\users\Eric\AppData\Roaming\Ventrilo
2009-12-11 06:36 . 2009-12-11 06:36 4096 ----a-w- c:\windows\system32\099CE.tmp
2009-12-09 08:26 . 2009-12-09 08:26 4096 ----a-w- c:\windows\system32\06A6D.tmp
2009-12-08 11:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 11:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-06 21:32 . 2009-11-09 16:39 -------- d-----w- c:\users\Eric\AppData\Roaming\NeopleLauncherDFO
2009-12-06 21:32 . 2009-09-22 04:03 -------- d-----w- c:\users\Eric\AppData\Roaming\TuneUpMedia
2009-12-06 21:32 . 2009-10-08 02:44 -------- d-----w- c:\users\Eric\AppData\Roaming\Media Player Classic
2009-12-06 21:32 . 2009-11-24 07:32 -------- d-----w- c:\users\Eric\AppData\Roaming\deluge
2009-12-06 21:32 . 2009-11-12 07:05 -------- d-----w- c:\users\Eric\AppData\Roaming\dvdcss
2009-12-06 21:32 . 2009-03-06 02:26 -------- d-----w- c:\users\Eric\AppData\Roaming\gtk-2.0
2009-12-06 21:32 . 2009-08-25 03:07 -------- d-----w- c:\users\Eric\AppData\Roaming\Azureus
2009-12-06 21:32 . 2009-08-22 07:34 -------- d-----w- c:\users\Eric\AppData\Roaming\CyberLink
2009-12-06 21:32 . 2009-08-20 04:18 -------- d-----w- c:\users\Eric\AppData\Roaming\Apple Computer
2009-12-06 21:27 . 2009-09-22 04:03 -------- d-----w- c:\programdata\TuneUpMedia
2009-12-06 21:27 . 2009-08-20 04:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-12-06 21:27 . 2009-11-09 16:09 -------- d-----w- c:\programdata\NexonUS
2009-12-06 21:27 . 2009-11-09 08:11 -------- d-----w- c:\programdata\PMB Files
2009-12-06 21:27 . 2009-02-19 17:01 -------- d-----w- c:\programdata\SupportSoft
2009-12-06 21:27 . 2009-02-19 17:00 -------- d-----w- c:\programdata\Sonic
2009-12-06 21:25 . 2009-11-09 08:09 -------- d-----w- c:\program files\Pando Networks
2009-12-06 21:24 . 2009-10-20 05:05 -------- d-----w- c:\program files\EZGet
2009-12-06 02:29 . 2009-12-06 02:29 4096 ----a-w- c:\windows\system32\0FC86.tmp
2009-12-05 01:50 . 2009-12-05 01:50 4096 ----a-w- c:\windows\system32\0CA80.tmp
2009-12-02 02:37 . 2009-12-02 02:37 4096 ----a-w- c:\windows\system32\08E0C.tmp
2009-11-30 18:45 . 2009-11-30 18:45 4096 ----a-w- c:\windows\system32\09EDD.tmp
2009-11-30 16:17 . 2009-11-30 16:17 4096 ----a-w- c:\windows\system32\0AB2C.tmp
2009-11-30 16:14 . 2009-11-30 16:14 4096 ----a-w- c:\windows\system32\087AB.tmp
2009-11-30 07:20 . 2009-11-30 07:20 4096 ----a-w- c:\windows\system32\09D19.tmp
2009-11-30 04:16 . 2009-11-30 04:16 4096 ----a-w- c:\windows\system32\06AA9.tmp
2009-11-29 03:22 . 2009-11-29 03:22 4096 ----a-w- c:\windows\system32\0778F.tmp
2009-11-29 02:25 . 2009-11-29 02:25 4096 ----a-w- c:\windows\system32\0C122.tmp
2009-11-28 01:30 . 2009-11-28 01:30 4096 ----a-w- c:\windows\system32\07DE5.tmp
2009-11-26 06:10 . 2009-11-26 06:10 4096 ----a-w- c:\windows\system32\08EC7.tmp
2009-11-24 07:24 . 2009-11-24 07:24 4096 ----a-w- c:\windows\system32\0A266.tmp
2009-11-23 01:04 . 2009-11-23 01:04 4096 ----a-w- c:\windows\system32\0CF3F.tmp
2009-11-21 04:56 . 2009-11-21 04:56 4096 ----a-w- c:\windows\system32\0821A.tmp
2009-11-20 19:14 . 2009-11-20 19:14 4096 ----a-w- c:\windows\system32\0F085.tmp
2009-11-20 01:31 . 2009-11-20 01:31 4096 ----a-w- c:\windows\system32\0B309.tmp
2009-11-19 22:19 . 2009-11-19 22:19 4096 ----a-w- c:\windows\system32\022EA.tmp
2009-11-19 03:57 . 2009-11-19 03:57 4096 ----a-w- c:\windows\system32\0BB34.tmp
2009-11-18 01:46 . 2009-11-18 01:46 4096 ----a-w- c:\windows\system32\097FA.tmp
2009-11-17 03:08 . 2009-11-17 03:08 4096 ----a-w- c:\windows\system32\09CAB.tmp
2009-11-16 03:30 . 2009-11-16 03:30 4096 ----a-w- c:\windows\system32\08F82.tmp
2009-11-14 04:44 . 2009-11-14 04:44 4096 ----a-w- c:\windows\system32\05B1A.tmp
2009-11-13 04:14 . 2009-11-13 04:14 4096 ----a-w- c:\windows\system32\07CDD.tmp
2009-11-09 16:09 . 2009-11-09 16:09 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-09 16:09 . 2009-11-09 16:09 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-09 16:09 . 2009-11-09 16:09 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-09 16:09 . 2009-11-09 16:09 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-09 16:09 . 2009-11-09 16:09 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-09 16:09 . 2009-11-09 16:09 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-03 04:42 . 2009-10-03 17:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 13:41 . 2009-09-22 04:00 174 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\restart.bat
2009-10-02 00:25 . 2009-10-02 00:25 10686001 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-02-19 18:32 . 2009-02-19 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-12-29_17.16.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-06 21:22 . 2009-12-29 17:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 21:22 . 2009-12-29 18:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-06 21:22 . 2009-12-29 17:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-06 21:22 . 2009-12-29 18:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-06 21:22 . 2009-12-29 17:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 21:22 . 2009-12-29 18:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-19 03:32 . 2009-12-29 18:46 2594 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-12-29 18:47 . 2009-12-29 18:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-29 17:09 . 2009-12-29 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-09 2923192]
"Steam"="c:\program files\steam\steam.exe" [2009-10-25 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/6/2009 1:12 PM 81920]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/24/2009 7:07 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/24/2009 7:07 PM 234888]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [2/19/2009 8:58 AM 27648]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 5:21 PM 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/6/2009 1:13 PM 112128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\xcqc4kti.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Eric\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 10:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-29 10:50:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-29 18:50
ComboFix2.txt 2009-12-29 17:17

Pre-Run: 106,703,138,816 bytes free
Post-Run: 106,328,350,720 bytes free

- - End Of File - - 2FC3C8C75FC3C7CFA112E175A443D149

Re: Unknown Virus

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\AskBarDis

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    Driver::
    ASKService
    ASKUpgrade

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4i - CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
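
As an added check that is not part of this thread or of ComboFix itself: the Python below parses a CFScript's Folder::/Registry::/Driver:: sections and a ComboFix "Reg Loading Points" block, then reports which script targets the pre-run log actually listed (an absent target is usually a typo in the script) and which targets the follow-up log still lists (a leftover the script did not remove). The log excerpts are constructed from the two logs in this thread, the CFScript is the helper's as posted, and the regular expressions and function names are my own assumptions about the log format shown here.

```python
import re
# Constructed excerpts of this thread's two ComboFix logs: "Reg Loading Points" before the CFScript ran, and after.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/24/2009 7:07 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/24/2009 7:07 PM 234888]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 5:21 PM 46824]
"""
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-25 1217808]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 5:21 PM 46824]
"""
# The helper's CFScript from this thread, verbatim.
CFSCRIPT = r"""
Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

Driver::
ASKService
ASKUpgrade
"""

KEY_RE = re.compile(r"^\[(.+)\]$")               # [KEY] line in the log (assumed format)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')         # "name"= ... line under the current key
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")   # R2 Name;Description;path [...]

def parse_combofix_log(text):
    """Keys, (key, value-name) pairs and service names the log lists, lower-cased (the log mixes GUID case)."""
    current, keys, values, services = None, set(), set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current = m.group(1).lower()
            keys.add(current)
        elif (m := VALUE_RE.match(line)) and current:
            values.add((current, m.group(1).lower()))
        elif m := SERVICE_RE.match(line):
            services.add(m.group(1).strip().lower())
    return {"keys": keys, "values": values, "services": services}

def parse_cfscript(text):
    """Folder::, Registry:: and Driver:: targets of a CFScript, in order, duplicates dropped."""
    t = {"folders": [], "keys": [], "values": [], "drivers": []}
    section = current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, current_key = line[:-2].lower(), None
        elif section == "folder":
            t["folders"].append(line)
        elif section == "driver":
            t["drivers"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                t["keys"].append(line[2:-1])                 # [-KEY] deletes the whole key
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                     # [KEY] selects a key for value edits
            elif (m := re.match(r'^"([^"]+)"=-$', line)) and current_key:
                t["values"].append((current_key, m.group(1)))  # "name"=- deletes one value
    return {k: list(dict.fromkeys(v)) for k, v in t.items()}

def check_script(script_text, log_text):
    """Registry/driver targets of the script that the log lists ("present") and does not ("absent")."""
    # Against the pre-run log, "absent" flags likely typos; against the follow-up log, "present" flags leftovers.
    targets, log = parse_cfscript(script_text), parse_combofix_log(log_text)
    present, absent = [], []
    for key in targets["keys"]:
        (present if key.lower() in log["keys"] else absent).append(f"key {key}")
    for key, name in targets["values"]:
        hit = (key.lower(), name.lower()) in log["values"]
        (present if hit else absent).append(f"value {key}\\{name}")
    for drv in targets["drivers"]:
        (present if drv.lower() in log["services"] else absent).append(f"driver {drv}")
    return {"present": present, "absent": absent}
```

Run `check_script(CFSCRIPT, LOG_BEFORE)` before dragging the script onto ComboFix and `check_script(CFSCRIPT, LOG_AFTER)` on the log it produces; for this thread both lists of concern come back empty.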

Re: Unknown Virus

ComboFix 09-12-29.04 - Eric 12/29/2009 15:39:24.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.1111 [GMT -8:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
Command switches used :: c:\users\Eric\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 23:42 . 2009-12-29 23:44 -------- d-----w- c:\users\Eric\AppData\Local\temp
2009-12-29 23:42 . 2009-12-29 23:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-29 23:42 . 2009-12-29 23:42 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2009-12-29 23:42 . 2009-12-29 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 23:38 . 2009-12-29 23:38 -------- d-----w- C:\32788R22FWJFW
2009-12-28 19:27 . 2009-12-28 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-28 19:09 . 2009-12-28 19:09 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 19:08 . 2009-12-28 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 19:08 . 2009-12-28 19:08 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 02:32 . 2009-12-14 06:49 -------- d-----w- c:\users\Eric\AppData\Roaming\mIRC
2009-12-14 02:32 . 2009-12-14 02:32 -------- d-----w- c:\program files\mIRC
2009-12-08 11:24 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-08 11:06 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-12-08 11:06 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-12-08 11:06 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-12-08 11:06 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-12-08 11:06 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-12-08 11:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-12-08 11:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-12-08 11:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-12-08 11:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-12-08 11:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Ventrilo
2009-12-08 03:49 . 2009-12-08 03:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-07 17:11 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-07 17:11 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-12-07 17:11 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-12-07 16:49 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-12-07 16:49 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-07 16:49 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-07 16:49 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-07 16:49 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-12-07 16:49 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-12-07 16:49 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-12-07 16:49 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-12-07 16:49 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-12-07 16:49 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-12-07 16:49 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-12-07 16:49 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-12-07 16:47 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-12-07 16:47 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-12-07 16:47 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 16:47 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:46 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-12-07 16:46 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-12-07 16:46 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-07 16:46 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-07 16:46 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-07 16:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-12-07 16:46 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-12-07 16:44 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-12-07 16:43 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-12-07 16:42 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-12-07 16:42 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-12-07 16:42 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-12-07 16:42 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-07 16:42 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-12-07 16:42 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-12-07 16:42 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-12-07 16:42 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-12-06 22:05 . 2009-12-06 22:05 78440 ----a-w- c:\users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 21:51 . 2009-12-10 00:33 -------- d-----w- c:\windows\Debug
2009-12-06 21:37 . 2009-12-06 21:37 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\users\Default\video
2009-12-06 21:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-06 21:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-06 21:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-06 21:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-06 21:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-06 21:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-06 21:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-06 21:23 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-06 21:23 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-06 21:21 . 2009-12-06 21:21 -------- d-----w- c:\windows\system32\RTCOM
2009-12-06 21:12 . 2008-08-19 06:19 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\windows\system32\OEM
2009-12-06 21:05 . 2009-12-06 21:05 -------- d-----w- C:\$WINDOWS.~Q
2009-12-06 21:03 . 2009-12-06 21:03 -------- d-----w- C:\$INPLACE.~TR
2009-12-06 20:41 . 2009-12-06 20:41 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2009-12-02 16:21 . 2009-12-03 07:52 65536 ----a-w- c:\windows\IFinst27.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 23:45 . 2009-03-15 05:46 -------- d-----w- c:\program files\Steam
2009-12-29 23:21 . 2009-03-06 02:25 -------- d-----w- c:\users\Eric\AppData\Roaming\.purple
2009-12-29 17:10 . 2009-12-29 17:10 4096 ----a-w- c:\windows\system32\05EC2.tmp
2009-12-29 16:47 . 2009-10-19 03:59 -------- d-----w- c:\users\Eric\AppData\Roaming\vlc
2009-12-28 19:15 . 2009-12-28 19:15 4096 ----a-w- c:\windows\system32\05B1B.tmp
2009-12-28 19:04 . 2009-12-28 19:04 4096 ----a-w- c:\windows\system32\05B0A.tmp
2009-12-28 17:16 . 2009-12-28 17:16 4096 ----a-w- c:\windows\system32\05994.tmp
2009-12-28 17:00 . 2009-12-28 17:00 4096 ----a-w- c:\windows\system32\07898.tmp
2009-12-28 16:51 . 2009-12-28 16:51 4096 ----a-w- c:\windows\system32\07ABA.tmp
2009-12-28 05:34 . 2009-12-28 05:34 4096 ----a-w- c:\windows\system32\09CBB.tmp
2009-12-21 00:00 . 2009-12-21 00:00 4096 ----a-w- c:\windows\system32\09C2F.tmp
2009-12-18 21:55 . 2009-10-25 20:28 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-17 16:48 . 2009-12-17 16:48 4096 ----a-w- c:\windows\system32\0A13D.tmp
2009-12-17 02:39 . 2009-12-17 02:39 2157 ----a-w- c:\users\Eric\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-15 05:55 . 2009-12-15 05:55 4096 ----a-w- c:\windows\system32\09F4A.tmp
2009-12-14 08:43 . 2009-03-16 03:27 -------- d-----w- c:\users\Eric\AppData\Roaming\Ventrilo
2009-12-11 06:36 . 2009-12-11 06:36 4096 ----a-w- c:\windows\system32\099CE.tmp
2009-12-09 08:26 . 2009-12-09 08:26 4096 ----a-w- c:\windows\system32\06A6D.tmp
2009-12-08 11:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 11:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-06 21:32 . 2009-11-09 16:39 -------- d-----w- c:\users\Eric\AppData\Roaming\NeopleLauncherDFO
2009-12-06 21:32 . 2009-09-22 04:03 -------- d-----w- c:\users\Eric\AppData\Roaming\TuneUpMedia
2009-12-06 21:32 . 2009-10-08 02:44 -------- d-----w- c:\users\Eric\AppData\Roaming\Media Player Classic
2009-12-06 21:32 . 2009-11-24 07:32 -------- d-----w- c:\users\Eric\AppData\Roaming\deluge
2009-12-06 21:32 . 2009-11-12 07:05 -------- d-----w- c:\users\Eric\AppData\Roaming\dvdcss
2009-12-06 21:32 . 2009-03-06 02:26 -------- d-----w- c:\users\Eric\AppData\Roaming\gtk-2.0
2009-12-06 21:32 . 2009-08-25 03:07 -------- d-----w- c:\users\Eric\AppData\Roaming\Azureus
2009-12-06 21:32 . 2009-08-22 07:34 -------- d-----w- c:\users\Eric\AppData\Roaming\CyberLink
2009-12-06 21:32 . 2009-08-20 04:18 -------- d-----w- c:\users\Eric\AppData\Roaming\Apple Computer
2009-12-06 21:27 . 2009-09-22 04:03 -------- d-----w- c:\programdata\TuneUpMedia
2009-12-06 21:27 . 2009-08-20 04:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-12-06 21:27 . 2009-11-09 16:09 -------- d-----w- c:\programdata\NexonUS
2009-12-06 21:27 . 2009-11-09 08:11 -------- d-----w- c:\programdata\PMB Files
2009-12-06 21:27 . 2009-02-19 17:01 -------- d-----w- c:\programdata\SupportSoft
2009-12-06 21:27 . 2009-02-19 17:00 -------- d-----w- c:\programdata\Sonic
2009-12-06 21:25 . 2009-11-09 08:09 -------- d-----w- c:\program files\Pando Networks
2009-12-06 21:24 . 2009-10-20 05:05 -------- d-----w- c:\program files\EZGet
2009-12-06 02:29 . 2009-12-06 02:29 4096 ----a-w- c:\windows\system32\0FC86.tmp
2009-12-05 01:50 . 2009-12-05 01:50 4096 ----a-w- c:\windows\system32\0CA80.tmp
2009-12-02 02:37 . 2009-12-02 02:37 4096 ----a-w- c:\windows\system32\08E0C.tmp
2009-11-30 18:45 . 2009-11-30 18:45 4096 ----a-w- c:\windows\system32\09EDD.tmp
2009-11-30 16:17 . 2009-11-30 16:17 4096 ----a-w- c:\windows\system32\0AB2C.tmp
2009-11-30 16:14 . 2009-11-30 16:14 4096 ----a-w- c:\windows\system32\087AB.tmp
2009-11-30 07:20 . 2009-11-30 07:20 4096 ----a-w- c:\windows\system32\09D19.tmp
2009-11-30 04:16 . 2009-11-30 04:16 4096 ----a-w- c:\windows\system32\06AA9.tmp
2009-11-29 03:22 . 2009-11-29 03:22 4096 ----a-w- c:\windows\system32\0778F.tmp
2009-11-29 02:25 . 2009-11-29 02:25 4096 ----a-w- c:\windows\system32\0C122.tmp
2009-11-28 01:30 . 2009-11-28 01:30 4096 ----a-w- c:\windows\system32\07DE5.tmp
2009-11-26 06:10 . 2009-11-26 06:10 4096 ----a-w- c:\windows\system32\08EC7.tmp
2009-11-24 07:24 . 2009-11-24 07:24 4096 ----a-w- c:\windows\system32\0A266.tmp
2009-11-23 01:04 . 2009-11-23 01:04 4096 ----a-w- c:\windows\system32\0CF3F.tmp
2009-11-21 04:56 . 2009-11-21 04:56 4096 ----a-w- c:\windows\system32\0821A.tmp
2009-11-20 19:14 . 2009-11-20 19:14 4096 ----a-w- c:\windows\system32\0F085.tmp
2009-11-20 01:31 . 2009-11-20 01:31 4096 ----a-w- c:\windows\system32\0B309.tmp
2009-11-19 22:19 . 2009-11-19 22:19 4096 ----a-w- c:\windows\system32\022EA.tmp
2009-11-19 03:57 . 2009-11-19 03:57 4096 ----a-w- c:\windows\system32\0BB34.tmp
2009-11-18 01:46 . 2009-11-18 01:46 4096 ----a-w- c:\windows\system32\097FA.tmp
2009-11-17 03:08 . 2009-11-17 03:08 4096 ----a-w- c:\windows\system32\09CAB.tmp
2009-11-16 03:30 . 2009-11-16 03:30 4096 ----a-w- c:\windows\system32\08F82.tmp
2009-11-14 04:44 . 2009-11-14 04:44 4096 ----a-w- c:\windows\system32\05B1A.tmp
2009-11-13 04:14 . 2009-11-13 04:14 4096 ----a-w- c:\windows\system32\07CDD.tmp
2009-11-09 16:09 . 2009-11-09 16:09 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-09 16:09 . 2009-11-09 16:09 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-09 16:09 . 2009-11-09 16:09 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-09 16:09 . 2009-11-09 16:09 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-09 16:09 . 2009-11-09 16:09 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-09 16:09 . 2009-11-09 16:09 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-03 04:42 . 2009-10-03 17:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 13:41 . 2009-09-22 04:00 174 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\restart.bat
2009-10-02 00:25 . 2009-10-02 00:25 10686001 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-02-19 18:32 . 2009-02-19 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-09 2923192]
"Steam"="c:\program files\steam\steam.exe" [2009-10-25 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/6/2009 1:12 PM 81920]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [2/19/2009 8:58 AM 27648]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 5:21 PM 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/6/2009 1:13 PM 112128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-02-19 07:02]

2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{8B67DFA3-57A6-4FF7-A450-6C60982ED45B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\xcqc4kti.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Eric\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 15:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-12-29 15:48:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-29 23:48
ComboFix2.txt 2009-12-29 18:50
ComboFix3.txt 2009-12-29 17:17

Pre-Run: 111,128,444,928 bytes free
Post-Run: 111,006,076,928 bytes free

- - End Of File - - E721CDE1AC3B66BB2E5E89126E382E58

Re: Unknown Virus

You aren't running antivirus software.

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
- Free anti-virus software for Windows.
- Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Unknown Virus

Thanks a bunch for your help. I am not the primary user of this computer, so I will be sure to ask the owner if his system is running smoother now. The original problem was fixed, and I guess that's the main thing for now.

Re: Unknown Virus

Not really, the most important thing is to install an AV, otherwise we just wasted our time if the user can't keep the machine safe.

Re: Unknown Virus

Alright, it's been installed, thanks again for your help.
