WnPC antivirus


WnPC antivirus

Post by cottoncandy23 on Tue May 26, 2009 10:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:28 a.m., on 27/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\emitray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Tia Wilson.STUDIO\Application Data\winav.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\PhoneConnectorVMC.exe
D:\vmc.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Tia Wilson.STUDIO\Local Settings\Temporary Internet Files\Content.IE5\94CO3NN3\hijackgpthis[1].exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AVScan] C:\Documents and Settings\Tia Wilson.STUDIO\Application Data\winav.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [You must be registered and logged in to see this link.]
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A64D4D7-31EB-4E89-B8FC-0CDA1E7A0DB8}: NameServer = 202.73.198.16 202.73.206.16
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Emagic EMI 2|6 System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\System32\emitray.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]
O24 - Desktop Component 1: (no name) - [You must be registered and logged in to see this link.]
O24 - Desktop Component 2: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 10305 bytes


I'm having problems with this WnPC thing that keeps popping up every 20 seconds or so, it's driving me nuts, please help. I've tried downloading the anti-malware thing but it freezes, so I've downloaded Java (I think) and the Adobe. Cheers

cottoncandy23
Novice

Posts : 12
Joined : 2009-05-26
Gender : Female
OS : windows xp home edition

Re: WnPC antivirus

Post by Origin on Wed May 27, 2009 1:57 am

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8A64D4D7-31EB-4E89-B8FC-0CDA1E7A0DB8}: NameServer = 202.73.198.16 202.73.206.16

  • Press "Fix Checked"
  • Close HijackThis.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See [You must be registered and logged in to see this link.] for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
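As an added example (not from this thread, and not part of HijackThis or ComboFix), here is a small Python triage script that applies the same reading the helpers did to lines of the log above: orphaned "(no file)" entries, an O4 autostart running out of Application Data (winav.exe), the unknown Winsock LSP, and the O17 NameServer entry. The rule set and the sample lines (copied from the posted log, plus one benign iTunes entry for contrast) are my own assumptions; it only flags items for a person to verify and removes nothing.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log posted above, plus
# one benign HKLM Run entry (iTunesHelper) for contrast.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKCU\\..\\Run: [AVScan] C:\\Documents and Settings\\Tia Wilson.STUDIO\\Application Data\\winav.exe
O4 - Startup: PowerReg Scheduler V3.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{8A64D4D7-31EB-4E89-B8FC-0CDA1E7A0DB8}: NameServer = 202.73.198.16 202.73.206.16
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# Every HijackThis entry starts with its section code (R0..R3, O1..O24).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Profile/temp directories: a normal installer does not autostart a binary
# from here, but a dropper running as the user can only write here.
USER_WRITABLE = re.compile(
    r"\\(Application Data|Local Settings\\Temp|Temporary Internet Files)\\",
    re.IGNORECASE,
)

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process list, blank line, etc.
    kind, body = m.group("kind"), m.group("body")
    if body.endswith("(no file)"):
        # Dead pointer left behind after an uninstall or removal; harmless but worth cleaning.
        return ("low", "entry points at a file that no longer exists")
    if kind == "O4" and USER_WRITABLE.search(body):
        return ("high", "autostart binary lives in a user-writable profile directory")
    if kind == "O4" and body.startswith("Startup:"):
        return ("medium", "per-user Startup folder item; confirm it was installed on purpose")
    if kind == "O10":
        # A Winsock LSP sits in the path of every socket on the machine.
        return ("medium", "unrecognised Winsock LSP; identify the vendor before keeping it")
    if kind == "O17":
        ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
        return ("medium", f"DNS servers set in the registry ({', '.join(ips)}); confirm they belong to your ISP")
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan a whole log; returns (severity, reason, line) tuples, worst first."""
    hits = []
    for line in log_text.splitlines():
        verdict = triage_line(line)
        if verdict:
            hits.append((verdict[0], verdict[1], line.strip()))
    hits.sort(key=lambda h: SEVERITY_ORDER[h[0]])  # stable sort keeps log order within a level
    return hits


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```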

Re: WnPC antivirus

Post by cottoncandy23 on Wed May 27, 2009 5:10 am

Thank you so much, PC is all fixed now.


Re: WnPC antivirus

Post by Origin on Wed May 27, 2009 5:13 am

The computer still has some leftovers that could trigger the computer to become infected again; please post the ComboFix log.



Re: WnPC antivirus

Post by cottoncandy23 on Wed May 27, 2009 5:15 am

Oh... um, how do I do that? Will I have to run the ComboFix thingy again?


Re: WnPC antivirus

Post by Origin on Wed May 27, 2009 5:18 am

No, the ComboFix should be located somewhere in your C:\ drive, just look for something called ComboFix.txt.



Re: WnPC antivirus

Post by cottoncandy23 on Wed May 27, 2009 5:23 am

ComboFix 09-05-26.02 - Tia Wilson 27/05/2009 15:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.341 [GMT 12:00]
Running from: c:\documents and settings\Tia Wilson.STUDIO\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\TIAWIL~1.STU\LOCALS~1\Temp\nyps4.exe
c:\windows\base64.tmp
c:\windows\ieocx.dll
c:\windows\system32\__c003F7B.dat
c:\windows\system32\__c00ABC54.dat
c:\windows\system32\__c00E7931.dat
c:\windows\system32\drivers\UACqpsmpixjswaorjg.sys
c:\windows\system32\UACcvkfhwelnkfmbuy.log
c:\windows\system32\UACcvnaqnfwsncgpdu.log
c:\windows\system32\UACeppjccrrntjtfim.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkhbotvvpgodyebx.dat
c:\windows\system32\UACmmqlhtimoygtfnd.dll
c:\windows\system32\UACoydxodulkgrmlqx.dll
c:\windows\system32\UACtdrsnhlxbqaabxg.log
c:\windows\system32\UACupnwkmlnpjcidev.dll
c:\windows\system32\UACyidujwlyyblanna.dll
c:\windows\system32hxiwlgpm.dat
c:\windows\system32taack.dat
c:\windows\Web\def.htm
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 01:12 . 2009-05-26 01:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 01:12 . 2009-05-27 01:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 01:12 . 2009-05-27 01:12 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-27 01:12 . 2009-05-26 01:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 22:33 . 2009-05-26 22:37 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\.SunDownloadManager
2009-05-26 22:26 . 2009-05-26 22:26 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-26 22:03 . 2009-05-26 22:24 -------- d-----w c:\program files\Google
2009-05-26 22:03 . 2009-05-26 22:27 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-26 22:03 . 2009-05-26 22:27 -------- d-----w c:\program files\NOS
2009-05-26 11:15 . 2009-05-26 11:15 206 ----a-w c:\documents and settings\Tia Wilson.STUDIO\Application Data\asd.bat
2009-05-26 08:58 . 2009-05-26 08:58 1097728 ----a-w c:\documents and settings\Tia Wilson.STUDIO\Application Data\winav.exe
2009-05-22 02:49 . 2009-05-26 22:28 -------- d-----w c:\program files\Steam
2009-05-17 00:53 . 2009-05-17 00:53 -------- d-----w c:\program files\Eureka
2009-05-14 23:14 . 2009-03-19 04:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-14 23:14 . 2008-04-17 00:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-14 23:13 . 2009-05-14 23:13 -------- d-----w c:\program files\iPod
2009-05-14 23:13 . 2009-05-14 23:14 -------- d-----w c:\program files\iTunes
2009-05-14 23:13 . 2009-05-14 23:14 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-14 23:13 . 2009-05-14 23:13 -------- d-----w c:\program files\Bonjour
2009-05-14 23:12 . 2009-05-14 23:12 -------- d-----w c:\program files\QuickTime
2009-05-14 23:10 . 2009-05-14 23:10 -------- d-----w c:\program files\Apple Software Update
2009-05-14 23:10 . 2009-03-26 03:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-14 23:10 . 2009-03-26 03:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-14 23:09 . 2009-05-14 23:13 -------- d-----w c:\program files\Common Files\Apple
2009-05-14 23:09 . 2009-05-14 23:09 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-05-14 21:30 . 2009-05-14 21:30 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Macrovision
2009-05-14 21:26 . 2009-05-14 21:26 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Macrovision
2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Local Settings\Application Data\Downloaded Installations
2009-05-14 15:03 . 2004-08-04 07:56 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-14 09:53 . 2009-05-26 03:06 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\mIRC
2009-05-14 09:53 . 2009-05-26 02:18 -------- d-----w c:\program files\mIRC
2009-05-14 09:49 . 2009-05-14 09:50 -------- d-----w c:\program files\LimeWire
2009-05-14 03:02 . 2009-05-26 22:27 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Tracing
2009-05-14 03:01 . 2009-05-15 07:24 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-14 03:00 . 2009-05-14 03:00 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-14 02:59 . 2009-05-14 02:59 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-14 02:58 . 2009-05-14 02:58 -------- d-----w c:\program files\Microsoft
2009-05-14 02:58 . 2009-05-14 02:58 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-14 02:57 . 2009-05-14 03:01 -------- d-----w c:\program files\Windows Live
2009-05-14 02:47 . 2009-05-14 02:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-14 02:44 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-14 02:44 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-05-14 02:44 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-14 02:44 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-14 02:44 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-14 02:44 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-14 02:44 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-14 02:44 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-14 02:44 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-14 02:38 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-14 02:31 . 2009-05-14 02:31 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Template
2009-05-14 02:28 . 2007-09-11 21:56 101120 ----a-r c:\windows\system32\drivers\ewusbmdm.sys
2009-05-14 02:23 . 2009-05-14 02:23 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Vodafone
2009-05-14 02:22 . 2009-05-14 02:22 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Bytemobile
2009-05-14 02:20 . 2009-05-14 02:20 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\InstallShield
2009-05-14 02:20 . 2009-05-14 02:20 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2009-05-14 02:17 . 2009-05-14 21:26 -------- d-----w c:\program files\Vodafone
2009-05-14 02:16 . 2009-05-14 02:16 8464 ----a-w c:\windows\system32\SpOrder.dll
2009-05-14 02:07 . 2002-09-30 21:22 9856 ------w c:\windows\system32\drivers\pfc.sys
2009-05-14 02:07 . 2009-05-14 02:07 -------- d-----w c:\program files\ArcSoft
2009-05-14 02:07 . 1999-05-25 21:46 212480 ----a-w c:\windows\pcdlib32.dll
2009-05-13 21:12 . 2009-05-13 21:12 -------- d-----w c:\program files\Microsoft Encarta
2009-05-13 21:02 . 2009-05-22 05:29 -------- d-----w c:\program files\Microsoft Picture It! PhotoPub
2009-05-13 11:16 . 2009-05-13 11:16 -------- d-----w c:\windows\ShellNew
2009-05-13 11:15 . 2009-05-13 11:15 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Microsoft Web Folders
2009-05-13 11:10 . 2009-05-13 11:10 -------- d-----w c:\program files\Microsoft Works Suite 2001

.


Re: WnPC antivirus

Post by cottoncandy23 on Wed May 27, 2009 5:23 am

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:56 . 2004-02-16 05:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-26 21:54 . 2007-12-22 02:33 -------- d-----w c:\program files\Java
2009-05-26 12:01 . 2003-12-29 03:50 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-20 00:10 . 2007-12-22 02:35 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\LimeWire
2009-05-17 00:53 . 2003-12-29 02:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 23:12 . 2005-06-10 00:18 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-05-14 02:23 . 2004-04-13 05:25 80672 -c--a-w c:\documents and settings\Tia Wilson.STUDIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 11:17 . 2004-09-06 08:46 -------- d-----w c:\program files\Microsoft Works
2009-04-02 04:29 . 2009-04-02 04:29 75048 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 04:32 . 2009-03-19 04:32 23400 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-06 14:44 . 2003-12-29 01:47 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-06-22 22:33 826368 ----a-w c:\windows\system32\wininet.dll
2005-03-17 02:30 . 2004-09-19 10:02 1339 -c--a-w c:\program files\uninstal.log
2001-10-04 23:53 . 2004-04-13 04:56 21866 -c--a-w c:\program files\Common Files\tppupd2k.dll
2001-08-23 12:00 . 2003-12-21 01:38 438774 -c--a-r c:\program files\txtsetup.sif
2001-08-23 12:00 . 2003-12-21 01:38 237728 -c--a-r c:\program files\$LDR$
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-27 3660848]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"MobileConnect.EXE"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [2007-05-22 3076096]
"Steam"="c:\program files\Steam\Steam.exe" [2009-05-22 1217784]
"AVScan"="c:\documents and settings\Tia Wilson.STUDIO\Application Data\winav.exe" [2009-05-26 1097728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-05-26 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-07 69632]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-02-23 377856]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-04 118784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-06-30 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-03 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-30 28739]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Tia Wilson.STUDIO\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-4-13 225280]
PowerReg Scheduler.exe [2005-9-30 256000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-6-30 24633]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI3"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Logic232;Logic232;c:\windows\system32\drivers\Logic232.sys [21/12/2003 2:53 p.m. 6356]
S3 BulkUsb;Usb2.0 Video Capture;c:\windows\system32\drivers\usbscan.sys [26/05/2004 4:09 p.m. 15104]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/10/2006 10:22 p.m. 17149]
S3 emifilt;Emagic EMI 2|6 Filter Service;c:\windows\system32\drivers\emifilt.sys [6/07/2004 10:57 p.m. 8715]
S3 emiload;Emagic EMI 2|6 Device Firmware Loader Service;c:\windows\system32\drivers\emiload.sys [6/07/2004 10:57 p.m. 248996]
S3 MDX3LDR;Midex 3 - Firmware Loader;c:\windows\system32\drivers\Mdx3ldr.sys [21/12/2003 3:02 p.m. 19584]
S3 MIDEX3;Midex 3 - USB Midi Driver;c:\windows\system32\drivers\Midex3.sys [21/12/2003 3:02 p.m. 80720]
S3 pohci13F;pohci13F;\??\c:\docume~1\Family\LOCALS~1\Temp\pohci13F.sys --> c:\docume~1\Family\LOCALS~1\Temp\pohci13F.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [1/12/2004 3:04 p.m. 50432]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 00:34]
.


Re: WnPC antivirus

Post by cottoncandy23 on Wed May 27, 2009 5:24 am

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
LSP: bmnet.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-27 15:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\bmnet.dll
.
Completion time: 2009-05-27 15:30
ComboFix-quarantined-files.txt 2009-05-27 03:30

Pre-Run: 21,442,789,376 bytes free
Post-Run: 24,332,783,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

231 --- E O F --- 2009-05-26 11:53


Re: WnPC antivirus

Post by Origin on Thu May 28, 2009 12:26 am

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Limewire 4.18.8



Re: WnPC antivirus

Post by cottoncandy23 on Sun May 31, 2009 5:40 am

Sorry it has taken me so long to reply, I had some family problems and haven't been on. I got rid of LimeWire, and my 2 year old turned the PC off at the wall today, and when I turned it back on those things had started to pop up again.


Re: WnPC antivirus

Post by Belahzur on Sun May 31, 2009 12:45 pm

Hello.
The main infection is gone, it's just the leftovers causing it.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
pohci13F

File::
c:\documents and settings\Tia Wilson.STUDIO\Application Data\asd.bat
c:\documents and settings\Tia Wilson.STUDIO\Application Data\winav.exe
c:\documents and settings\Tia Wilson.STUDIO\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\documents and settings\Tia Wilson.STUDIO\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Folder::
c:\program files\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScan"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: WnPC antivirus

Post by cottoncandy23 on Mon Jun 01, 2009 2:59 am

ComboFix 09-05-26.02 - Tia Wilson 01/06/2009 14:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.143 [GMT 12:00]
Running from: c:\documents and settings\Tia Wilson.STUDIO\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Tia Wilson.STUDIO\Desktop\CFScript.lnk
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-05-30 00:35 . 2009-05-30 00:35 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2009-05-30 00:30 . 2009-05-30 00:41 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-05-27 05:02 . 2009-02-06 06:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-27 01:12 . 2009-05-26 01:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 01:12 . 2009-05-27 01:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 01:12 . 2009-05-27 01:12 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-27 01:12 . 2009-05-26 01:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 22:33 . 2009-05-26 22:37 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\.SunDownloadManager
2009-05-26 22:26 . 2009-05-26 22:26 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-26 22:03 . 2009-05-31 05:14 -------- d-----w c:\program files\Google
2009-05-26 22:03 . 2009-05-26 22:27 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-26 22:03 . 2009-05-26 22:27 -------- d-----w c:\program files\NOS
2009-05-26 11:15 . 2009-05-26 11:15 206 ----a-w c:\documents and settings\Tia Wilson.STUDIO\Application Data\asd.bat
2009-05-26 08:58 . 2009-05-26 08:58 1097728 ----a-w c:\documents and settings\Tia Wilson.STUDIO\Application Data\winav.exe
2009-05-22 02:49 . 2009-05-31 05:16 -------- d-----w c:\program files\Steam
2009-05-17 00:53 . 2009-05-17 00:53 -------- d-----w c:\program files\Eureka
2009-05-14 23:14 . 2009-03-19 04:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-14 23:14 . 2008-04-17 00:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-14 23:13 . 2009-05-14 23:13 -------- d-----w c:\program files\iPod
2009-05-14 23:13 . 2009-05-14 23:14 -------- d-----w c:\program files\iTunes
2009-05-14 23:13 . 2009-05-14 23:14 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-14 23:13 . 2009-05-14 23:13 -------- d-----w c:\program files\Bonjour
2009-05-14 23:12 . 2009-05-14 23:12 -------- d-----w c:\program files\QuickTime
2009-05-14 23:10 . 2009-05-14 23:10 -------- d-----w c:\program files\Apple Software Update
2009-05-14 23:10 . 2009-03-26 03:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-14 23:10 . 2009-03-26 03:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-14 23:09 . 2009-05-14 23:13 -------- d-----w c:\program files\Common Files\Apple
2009-05-14 23:09 . 2009-05-14 23:09 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-05-14 21:30 . 2009-05-14 21:30 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Macrovision
2009-05-14 21:26 . 2009-05-14 21:26 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Macrovision
2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Local Settings\Application Data\Downloaded Installations
2009-05-14 15:03 . 2004-08-04 07:56 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-14 09:53 . 2009-05-31 11:19 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\mIRC
2009-05-14 09:53 . 2009-05-31 11:04 -------- d-----w c:\program files\mIRC
2009-05-14 03:02 . 2009-05-31 05:41 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Tracing
2009-05-14 03:01 . 2009-05-15 07:24 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-14 03:00 . 2009-05-14 03:00 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-14 02:59 . 2009-05-14 02:59 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-14 02:58 . 2009-05-14 02:58 -------- d-----w c:\program files\Microsoft
2009-05-14 02:58 . 2009-05-14 02:58 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-14 02:57 . 2009-05-27 05:02 -------- d-----w c:\program files\Windows Live
2009-05-14 02:47 . 2009-05-14 02:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-14 02:44 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-14 02:44 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-05-14 02:44 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-14 02:44 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-14 02:44 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-14 02:44 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-14 02:44 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-14 02:44 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-14 02:44 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-14 02:38 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-14 02:31 . 2009-05-14 02:31 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Template
2009-05-14 02:28 . 2007-09-11 21:56 101120 ----a-r c:\windows\system32\drivers\ewusbmdm.sys
2009-05-14 02:23 . 2009-05-14 02:23 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Vodafone
2009-05-14 02:22 . 2009-05-14 02:22 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Bytemobile
2009-05-14 02:20 . 2009-05-14 02:20 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\InstallShield
2009-05-14 02:20 . 2009-05-14 02:20 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2009-05-14 02:17 . 2009-05-14 21:26 -------- d-----w c:\program files\Vodafone
2009-05-14 02:16 . 2009-05-14 02:16 8464 ----a-w c:\windows\system32\SpOrder.dll
2009-05-14 02:07 . 2002-09-30 21:22 9856 ------w c:\windows\system32\drivers\pfc.sys
2009-05-14 02:07 . 2009-05-14 02:07 -------- d-----w c:\program files\ArcSoft
2009-05-14 02:07 . 1999-05-25 21:46 212480 ----a-w c:\windows\pcdlib32.dll
2009-05-13 21:12 . 2009-05-13 21:12 -------- d-----w c:\program files\Microsoft Encarta
2009-05-13 21:02 . 2009-05-22 05:29 -------- d-----w c:\program files\Microsoft Picture It! PhotoPub
2009-05-13 11:16 . 2009-05-13 11:16 -------- d-----w c:\windows\ShellNew
2009-05-13 11:15 . 2009-05-13 11:15 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\Microsoft Web Folders
2009-05-13 11:10 . 2009-05-13 11:10 -------- d-----w c:\program files\Microsoft Works Suite 2001

.


Re: WnPC antivirus

Post by cottoncandy23 on Mon Jun 01, 2009 3:00 am

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 04:43 . 2007-12-22 02:35 -------- d-----w c:\documents and settings\Tia Wilson.STUDIO\Application Data\LimeWire
2009-05-26 21:56 . 2004-02-16 05:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-26 21:54 . 2007-12-22 02:33 -------- d-----w c:\program files\Java
2009-05-26 12:01 . 2003-12-29 03:50 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-17 00:53 . 2003-12-29 02:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 23:12 . 2005-06-10 00:18 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-05-14 02:23 . 2004-04-13 05:25 80672 -c--a-w c:\documents and settings\Tia Wilson.STUDIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 11:17 . 2004-09-06 08:46 -------- d-----w c:\program files\Microsoft Works
2009-04-02 04:29 . 2009-04-02 04:29 75048 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 04:32 . 2009-03-19 04:32 23400 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-06 14:44 . 2003-12-29 01:47 283648 ----a-w c:\windows\system32\pdh.dll
2005-03-17 02:30 . 2004-09-19 10:02 1339 -c--a-w c:\program files\uninstal.log
2001-10-04 23:53 . 2004-04-13 04:56 21866 -c--a-w c:\program files\Common Files\tppupd2k.dll
2001-08-23 12:00 . 2003-12-21 01:38 438774 -c--a-r c:\program files\txtsetup.sif
2001-08-23 12:00 . 2003-12-21 01:38 237728 -c--a-r c:\program files\$LDR$
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-23 12:00 . 2009-05-31 05:20 60332 c:\windows\system32\perfc009.dat
+ 2009-05-27 05:02 . 2009-02-06 06:08 55152 c:\windows\system32\DRVSTORE\fssfltr_A1BAE7BA557F7F8ABCBF040E8C71D6B14223DCB0\fssfltr_tdi.sys
+ 2009-05-30 00:36 . 2009-05-30 00:36 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-30 00:36 . 2009-05-30 00:36 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-30 00:36 . 2009-05-30 00:36 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-30 00:36 . 2009-05-30 00:36 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-30 00:36 . 2009-05-30 00:36 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-30 00:36 . 2009-05-30 00:36 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2001-08-23 12:00 . 2009-05-31 05:20 398222 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-27 3660848]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"MobileConnect.EXE"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [2007-05-22 3076096]
"Steam"="c:\program files\Steam\Steam.exe" [2009-05-22 1217784]
"AVScan"="c:\documents and settings\Tia Wilson.STUDIO\Application Data\winav.exe" [2009-05-26 1097728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-07 69632]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-02-23 377856]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-04 118784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-06-30 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-03 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-30 28739]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Tia Wilson.STUDIO\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-4-13 225280]
PowerReg Scheduler.exe [2005-9-30 256000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-6-30 24633]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI3"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
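As an added, defender-side example that is not from this thread or from ComboFix: a Python script that reads lines in the layout of the log posted above and flags the same indicators Belahzur's CFScript targets (a Run entry living under a user's Application Data, Security Center DisableNotify values set to 1, the firewall switched off, and a driver entry whose file is missing from Temp), then renders them in the CFScript section layout used earlier in this thread. The sample lines are copied from this thread's log; the category names and regular expressions are my assumptions, not ComboFix's own format specification.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AVScan"="c:\documents and settings\Tia Wilson.STUDIO\Application Data\winav.exe" [2009-05-26 1097728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S3 pohci13F;pohci13F;\??\c:\docume~1\Family\LOCALS~1\Temp\pohci13F.sys --> c:\docume~1\Family\LOCALS~1\Temp\pohci13F.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [1/12/2004 3:04 p.m. 50432]
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})')
FIREWALL_VALUE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?) \[(?P<info>[^\]]*)\]$")
PROFILE_APPDATA = re.compile(r"\\documents and settings\\[^\\]+\\application data\\", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)


def find_suspicious(log_text):
    """Return (category, registry_key, name, detail) tuples, one per indicator hit."""
    findings, key = [], ""
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        k = key.lower()
        if k.endswith("\\run"):
            m = RUN_VALUE.match(line)
            # Autostarts under a profile's Application Data are the rogue-AV pattern.
            if m and PROFILE_APPDATA.search(m.group("path")):
                findings.append(("run_from_appdata", key, m.group("name"), m.group("path")))
        elif "security center" in k:
            m = DWORD_VALUE.match(line)
            # *DisableNotify = 1 silences the "no antivirus / no updates" balloon.
            if m and m.group("name").endswith("DisableNotify") and int(m.group("val"), 16) == 1:
                findings.append(("notifications_disabled", key, m.group("name"), m.group("val")))
        elif k.endswith("\\standardprofile"):
            m = FIREWALL_VALUE.match(line)
            if m and m.group("val") == "0":
                findings.append(("firewall_disabled", key, "EnableFirewall", m.group("val")))
        m = SERVICE_LINE.match(line)
        # A driver whose image is gone ([?]) and lived in a Temp folder is a leftover loader.
        if m and m.group("info") == "?" and TEMP_DIR.search(m.group("path")):
            findings.append(("driver_missing_in_temp", "", m.group("name"), m.group("path")))
    return findings


def to_cfscript(findings):
    """Render findings in the CFScript layout; EnableFirewall is skipped since "=-" deletes, not resets."""
    drivers = [n for c, _, n, _ in findings if c == "driver_missing_in_temp"]
    files = [d for c, _, _, d in findings if c == "run_from_appdata"]
    registry = [(k, n) for c, k, n, _ in findings if c in ("run_from_appdata", "notifications_disabled")]
    out = ["KILLALL::", ""]
    if drivers:
        out += ["Driver::", *drivers, ""]
    if files:
        out += ["File::", *files, ""]
    if registry:
        out.append("Registry::")
        for k, n in registry:
            out += ["[" + k + "]", '"' + n + '"=-']
    return "\n".join(out)
```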


Re: WnPC antivirus

Post by cottoncandy23 on Mon Jun 01, 2009 3:00 am

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [27/05/2009 5:02 p.m. 55152]
R2 Logic232;Logic232;c:\windows\system32\drivers\Logic232.sys [21/12/2003 2:53 p.m. 6356]
S2 gupdate1c9e0be8d91adb4;Google Update Service (gupdate1c9e0be8d91adb4);c:\program files\Google\Update\GoogleUpdate.exe [30/05/2009 12:35 p.m. 133104]
S3 BulkUsb;Usb2.0 Video Capture;c:\windows\system32\drivers\usbscan.sys [26/05/2004 4:09 p.m. 15104]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/10/2006 10:22 p.m. 17149]
S3 emifilt;Emagic EMI 2|6 Filter Service;c:\windows\system32\drivers\emifilt.sys [6/07/2004 10:57 p.m. 8715]
S3 emiload;Emagic EMI 2|6 Device Firmware Loader Service;c:\windows\system32\drivers\emiload.sys [6/07/2004 10:57 p.m. 248996]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 6:08 p.m. 533360]
S3 MDX3LDR;Midex 3 - Firmware Loader;c:\windows\system32\drivers\Mdx3ldr.sys [21/12/2003 3:02 p.m. 19584]
S3 MIDEX3;Midex 3 - USB Midi Driver;c:\windows\system32\drivers\Midex3.sys [21/12/2003 3:02 p.m. 80720]
S3 pohci13F;pohci13F;\??\c:\docume~1\Family\LOCALS~1\Temp\pohci13F.sys --> c:\docume~1\Family\LOCALS~1\Temp\pohci13F.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [1/12/2004 3:04 p.m. 50432]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 00:34]

2009-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-26 00:30]

2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 00:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
LSP: bmnet.dll
TCP: {8A64D4D7-31EB-4E89-B8FC-0CDA1E7A0DB8} = 202.73.198.16 202.73.206.16
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-01 14:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-01 14:46
ComboFix-quarantined-files.txt 2009-06-01 02:45
ComboFix2.txt 2009-05-31 05:33
ComboFix3.txt 2009-05-27 03:30

Pre-Run: 24,124,907,520 bytes free
Post-Run: 24,109,101,056 bytes free

220 --- E O F --- 2009-05-26 11:53


Re: WnPC antivirus

Post by Origin on Mon Jun 01, 2009 3:03 am

Hello, did you run the script as said above in Belahzur's post? The ComboFix log still shows those files.



Re: WnPC antivirus

Post by cottoncandy23 on Mon Jun 01, 2009 9:09 pm

Um.. I went into Add/Remove Programs and got rid of LimeWire, then I copied the stuff that was sent on here like I was told, then moved it from my desktop into ComboFix, then it ran. The log was what came up after it.


Re: WnPC antivirus

Post by Belahzur on Mon Jun 01, 2009 9:29 pm

Hello.
You did run the script, but it wasn't saved right.

You saved it as a shortcut (.lnk) and not a text file (.txt).



Re: WnPC antivirus

Post by cottoncandy23 on Tue Jun 02, 2009 2:06 am

OK, I went back and did everything from the start, then ComboFix ran and it turned my PC off automatically, but when it was shutting down it stalled and wouldn't get off the "Windows is shutting down" page. I restarted it and it was normal, the pop-ups have gone. Do I need to run ComboFix again and send the log files through here??


Re: WnPC antivirus

Post by Origin on Tue Jun 02, 2009 2:08 am

Please paste the ComboFix log back here, it should be located somewhere on your C:\ drive.


