WinPC


Re: WinPC

Post by grgiagirl77 on 30th May 2009, 1:15 am

Hey everyone. I am having the same problems. I've got the same crap with the WNPC anti-virus, plus Google redirects my websites to solicitors for other anti-virus websites. At first I was locked out and could not get administrative access, but after trying a million times I was finally able to get in. I also tried the malware but like so many others it would not run. So I downloaded HIJACKTHIS with the combo fix, and at first it said something like "combo fix has found rootkit activity and needs to restart, please write down the following" and there were 10 items listed. Not sure if you need that, but if you do I wrote them down. The following was the log I received. I really appreciate the help. Thanks in advance for your time and effort. GOOD LUCK to anyone else with this crap!

grgiagirl77
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-05-30
OS OS : Windows Vista Premium
Points Points : 27508
# Likes # Likes : 0


Re: WinPC

Post by grgiagirl77 on 30th May 2009, 1:16 am

ComboFix 09-05-28.09 - jones 05/29/2009 18:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.412 [GMT -4:00]
Running from: c:\users\jones\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\Gamevance\gvtl.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\jones\AppData\Local\Temp\install_flash_player.exe
c:\windows\ieocx.dll
c:\windows\system32\drivers\UACnpnoyqfwumdxuai.sys
c:\windows\system32\uacinit.dll
c:\windows\system32\UACirmjslapiutauna.log
c:\windows\system32\UACkbwxoarseopyxpg.dll
c:\windows\system32\UACnuifnolunpdpknq.log
c:\windows\system32\UACqhefbjvxlvvbnvd.dat
c:\windows\system32\UACrsputvrjpqptice.dll
c:\windows\system32\UACtkonjviptxisdjo.dll
c:\windows\system32\UACudhjtvyatdwsshh.log
c:\windows\system32\UACuycyebfhxoieckx.dll
c:\windows\system32\UACvmvelpeuevwnvcp.dll
c:\windows\system32\x64
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-29 22:14 . 2009-05-29 22:14 -------- d-----w c:\users\jones\AppData\Local\temp
2009-05-29 21:07 . 2009-05-29 21:09 -------- d-----w c:\users\jones\.SunDownloadManager
2009-05-29 20:03 . 2009-05-29 20:03 166 ----a-w c:\users\jones\AppData\Roaming\asd.bat
2009-05-28 22:19 . 2009-05-28 22:19 1097728 ----a-w c:\users\jones\AppData\Roaming\winav.exe
2009-05-28 20:52 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AB1C20E-067A-4B46-9D46-6207AFA39033}\mpengine.dll
2009-05-23 20:36 . 2009-05-23 20:36 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-15 21:15 . 2009-05-15 21:15 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 22:13 . 2009-04-28 20:27 -------- d-----w c:\program files\Gamevance
2009-05-29 21:24 . 2007-02-22 18:27 -------- d-----w c:\program files\Java
2009-05-29 21:17 . 2007-02-22 00:54 -------- d-----w c:\program files\lx_Cats
2009-05-26 02:21 . 2008-02-26 00:35 -------- d-----w c:\program files\The Weather Channel FW
2009-05-23 20:29 . 2007-08-05 07:19 -------- d-----w c:\programdata\Microsoft Help
2009-05-23 20:13 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-03 03:04 . 2007-02-22 19:27 9492 ----a-w c:\users\jones\AppData\Roaming\wklnhst.dat
2009-05-02 20:24 . 2008-09-11 20:49 -------- d-----w c:\users\jones\AppData\Roaming\FrostWire
2009-04-27 16:56 . 2007-02-22 01:23 -------- d-----w c:\programdata\Roxio
2009-04-03 21:17 . 2009-04-03 21:17 1915520 ----a-w c:\users\jones\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-01 05:44 . 2009-04-01 05:44 -------- d-----w c:\programdata\CA
2009-04-01 05:32 . 2009-04-01 05:32 -------- d-----w c:\programdata\PCPitstop
2009-04-01 05:31 . 2009-04-01 05:31 -------- d-----w c:\program files\PCPitstop
2009-03-17 03:38 . 2009-04-15 08:07 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:07 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 09:19 . 2009-01-08 17:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 08:07 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:07 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:07 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:07 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:07 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:07 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:07 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:07 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:07 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:07 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:07 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:07 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:07 26624 ----a-w c:\windows\system32\ieUnatt.exe
2007-03-09 22:13 . 2007-03-09 22:13 774144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


and still more......

Post by grgiagirl77 on 30th May 2009, 1:17 am

.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C621F09-DFF3-415A-B7D1-142678EFEB34}]
2008-11-05 22:07 2435584 ----a-w c:\program files\Fast Browser Search\IE\FBStoolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AVScan"="c:\users\jones\AppData\Roaming\winav.exe" [2009-05-28 1097728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"PC Pitstop Optimize Reminder"="c:\program files\PCPitstop\Optimize2\Reminder.exe" [2008-01-31 145648]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-04-28 104960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-08 4227072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VonageRestart.exe [2006-8-17 3889140]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2006-12-9 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^jones^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{17E4BC82-3A41-4E45-B1DB-393804C831BA}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{DC97AE6E-6D71-4D33-981C-711FF5BB8B03}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{ABBAC0DE-8483-4F02-98F0-93FB675EEA2B}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{432B9307-066F-4CCC-B9A6-1CF1F8FA0AF5}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{CF0C3F2E-6756-4DD6-94AA-6952FA47577F}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8B7C6C38-24F6-4E58-8F49-DE6C98353317}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{20198E60-33BE-4DD1-8625-EE07D73606A0}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{EA8D18C0-DDFA-49D1-A143-EC44E40DB490}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{DC546300-CCC5-41B0-97E9-A4192D67F95D}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{67C85172-9899-47C5-B70D-0168B088FD0F}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{9FD9DF9B-5A0D-4774-9561-B61288488C9D}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{B9F08ABE-C01B-45F2-9153-01C82F8F4F8E}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{6AB417EC-BFFF-4874-B813-6D458408D9FA}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{59BA5B39-BE2F-40EC-9602-59A1D5184399}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{ABE216FF-DAF5-4264-974B-0B719E66D547}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{5C4BB2A7-F1F0-4FA6-A6C7-D9F6D3ECCBA9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C48197D-1649-46B8-AAD3-427DBD4AB8F1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B48731A5-9347-4CEE-8933-C20B77C5710F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9770B33F-490D-4EC7-9DB0-A47BCC3081EE}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81E4E0D7-C0D9-42EB-9130-F81DD46EB77A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F81062BE-8E6C-4769-B7FC-D40504233E89}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0A42219E-D2C0-4E2A-9ED1-6E9A7F817BA0}"= UDP:c:\windows\System32\lxcicoms.exe:7300 Series Server
"{72B23454-B1E4-4405-B2E8-BD394A5BEB97}"= TCP:c:\windows\System32\lxcicoms.exe:7300 Series Server
"{DDB354FC-0916-4F62-A058-5EC96AF8FB93}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B57D591-DF72-4252-B631-5AD6130362BB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1E624DA9-87A1-48D1-818C-C1397E4CDC84}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9F3733C9-8852-40D1-8F42-B05DD307F650}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A8B52EB1-E7B5-469F-B6BC-4749661E9481}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C28E9180-4BD1-468E-93B4-5990BDEB3536}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9710C888-1050-4680-9A38-DA185562E28F}"= UDP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{589B517D-2DF6-426C-84D9-015E98836224}"= TCP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{479CCEE5-DD35-4473-9F5A-F57752F96A4A}"= UDP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{725B25F5-E907-427A-B309-7AC75A3DE0F4}"= TCP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{6A87ADF8-B5B8-4184-B238-903D3D5C3FAA}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{0FD76FC0-C656-4E5A-96FF-C9C704A52D66}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{A8DC550A-E495-4BB8-B564-5DBDAAEE2B7D}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7AF830D0-A0C7-4B67-86A8-8E6F6C83C2D5}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{8131C0DD-1FC7-469B-B8B6-7D19BD32D810}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{4C2E8078-FE16-4B2E-8368-B108CB51504C}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{F9FC8278-F9AC-44D9-AECE-F251E30C3B2E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CE37E450-5F27-469D-9995-9E6833B06571}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{90E382ED-B040-4055-B454-27C0457231D9}"= UDP:c:\program files\Common Files\AOL\1175284547\ee\aolsoftware.exe:AOL Shared Components
"{ABE86B06-B115-43A1-A763-7A6F737F7DEA}"= TCP:c:\program files\Common Files\AOL\1175284547\ee\aolsoftware.exe:AOL Shared Components
"{5A72326D-2AD2-4006-AA13-F0920184EBF8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{60DEA53D-678D-4C9F-8D5A-C102EAFDB021}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{9FD1662C-D719-47AF-904C-AA909A97A1FC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{94CAB517-0EC9-4A54-B878-66C1EB027DD5}"= UDP:c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{4DF47F82-2113-4187-9F67-EA5DF867A692}"= TCP:c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{DC060240-29B4-4514-9399-A14F6E046300}"= UDP:c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{A04D950D-1B43-4820-A571-7F58FC7094E8}"= TCP:c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{BBF4494D-9543-4A07-BD17-B36BCAED603C}"= UDP:c:\program files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{B57A287C-DC3B-4891-BE5C-5B2347470BE4}"= TCP:c:\program files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{FBFED072-97A4-40DB-9644-D927A91A2066}"= UDP:c:\program files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{B484F603-02AB-4051-9827-F02B98138BD4}"= TCP:c:\program files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{EC6507E2-5981-4E63-A89E-F0F0FF718D1F}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{97286965-144E-4261-95E6-F7192246CDFF}"= Disabled:UDP:7288:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7288
"{CB5FAF68-1821-49B8-84B4-5D70F6869F1A}"= Disabled:UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{289231CC-7437-4F80-BEFA-00E768C2CCFD}"= Disabled:UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{026F21E2-C50A-40EE-A4A1-24CA5F387B6D}"= Disabled:UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{65469240-FBFA-4F74-9AFC-553A7172FCA7}"= Disabled:UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{49AA055D-112C-4B65-8CC2-2057EEB7FAE0}"= Disabled:UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{6EE3F872-CAFB-4A3B-A73B-D95B4AC326E2}"= Disabled:UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{68C9E114-F498-4890-A3E7-D6925AE07BFD}"= Disabled:UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{AA4D7CFA-C4AF-4594-9E28-5ECB11A23F52}"= Disabled:UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{B46C41D9-DD66-4849-8378-16790E387586}"= Disabled:UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"TCP Query User{F95DBD8D-66AC-45DD-AAEE-0CF51B3FB773}c:\\program files\\hp games\\wheel of fortune\\wheel of fortune.exe"= UDP:c:\program files\hp games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"UDP Query User{90A9A2E0-3C55-4013-AC9C-A506951A914B}c:\\program files\\hp games\\wheel of fortune\\wheel of fortune.exe"= TCP:c:\program files\hp games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"{4CC879E3-6DC8-49FE-A360-FA19E599B24B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{995CD8E8-3E3F-4748-B4C1-95E94751BE91}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1032CEA7-E741-4EBA-8DA6-045D0BCC2170}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{72106C03-936B-436E-8CF6-CA4ECD0B2979}"= UDP:c:\program files\Common Files\AOL\1175284547\ee\aolsoftware.exe:AOL Services
"{80C4C5C4-CC64-4EFD-A66D-5CCEB6619759}"= TCP:c:\program files\Common Files\AOL\1175284547\ee\aolsoftware.exe:AOL Services
"{585F60FF-D2C3-4114-807B-F49C305E3172}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{4EED742E-2956-4C6B-9A89-CCEAE3DFF07C}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{D2715EE4-3CAB-4201-B57E-613CD57135AB}c:\\program files\\limewire\\limewire.exe"= Disabled:UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B93CD74B-5D1F-40F7-8927-C5C2E8FFD4C8}c:\\program files\\limewire\\limewire.exe"= Disabled:TCP:c:\program files\limewire\limewire.exe:LimeWire
"{EEC679D1-D31A-4FCE-8FAD-B528423DCC9E}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{C3E25041-F40F-4690-B979-13606DFA6802}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{A6FBF906-5755-43A4-A90A-CC0E187E269D}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{7BF4894A-147D-480C-9E07-3A8F08157C1B}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{1C7D21B5-7476-4CB2-8275-39D5D98EE1D1}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{1A18C831-42A5-4949-8686-E47D7E238868}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{84F96EBE-D7F9-4466-89CD-B8B38EAE9BD2}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{B48752B5-BEF2-4729-97A2-585FC43B2B8C}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{46615F57-0F0E-4FE5-9E83-EA9CD14C3749}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{823C192B-9154-40BA-9A83-B7228F443B6C}"= TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{86199F65-E96A-4593-A2C8-B72B747234F6}c:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
"UDP Query User{67D4A7B8-5546-4656-8F2C-0740959EBCB4}c:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module


Re: WinPC

Post by grgiagirl77 on 30th May 2009, 1:17 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070419.001\IDSvix86.sys [4/19/2007 5:00 PM 212280]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [9/3/2006 2:32 PM 208896]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/6/2007 11:12 AM 864768]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/5/2008 11:52 AM 30152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/22/2007 3:39 PM 106808]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/30/2007 8:55 PM 37936]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [5/10/2006 1:13 PM 29696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - jones.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2009-05-29 c:\windows\Tasks\User_Feed_Synchronization-{87A3D8D9-CB78-487B-B361-F43A7F3912FC}.job
- c:\windows\system32\msfeedssync.exe [2008-06-02 07:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{39fc2065-c9c7-49cd-8942-44cc2dedc844} - c:\windows\ieocx.dll
BHO-{BEAC7DC8-E106-4C6A-931E-5A42E7362883} - c:\program files\Gamevance\gvtl.dll
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {8957387C-BCB6-4C78-B7EB-2295FD007591} = 166.102.165.11 166.102.165.13
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-29 18:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-29 18:20
ComboFix-quarantined-files.txt 2009-05-29 22:19

Pre-Run: 154,839,449,600 bytes free
Post-Run: 155,330,945,024 bytes free

296 --- E O F --- 2009-05-28 20:52

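The four posts above carry the complete ComboFix log. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the REGEDIT4-style "Reg Loading Points" section and flags the things a helper reads first in a log like this one: a Run-key entry launched from a user-writable profile directory (the "AVScan" entry under AppData\Roaming), `EnableLUA` set to 0, the Security Center `*DisableNotify`/`DisableMonitoring` values set to 1, and `EnableFirewall` set to 0 on a firewall profile. The sample lines are copied from the log posted above; the list of user-writable directory markers and the choice of which values count as tampering are this example's own assumptions.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines taken from the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AVScan"="c:\users\jones\AppData\Roaming\winav.exe" [2009-05-28 1097728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-04-28 104960]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-08 4227072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_LINE = re.compile(r'^\[(.+)\]\s*$')
VALUE_LINE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# Run-key values come in two shapes: "path" [date size]  or  "name" - resolved\path [date size]
RUN_VALUE = re.compile(r'^"([^"]*)"(?:\s+-\s+(.+?))?\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]\s*$')
# The three numeric spellings the log uses: dword:00000001, "1", 0 (0x0)
NUMERIC = re.compile(r'^(?:dword:([0-9a-fA-F]{8})|"(\d+)"|(\d+)\s*\(0x[0-9a-fA-F]+\))$')

# Assumption (this example's own): directories an unprivileged user can write to.
# A startup item living there deserves a second look on a home machine.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

Entry = Tuple[str, str, str]  # (registry key, value name, raw value text)


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the REGEDIT4-style block into (key, name, raw value) triples."""
    entries: List[Entry] = []
    current_key = ""
    for line in text.splitlines():
        line = line.strip()
        key_match = KEY_LINE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_LINE.match(line)
        if value_match and current_key:
            entries.append((current_key, value_match.group(1), value_match.group(2)))
    return entries


def autorun_target(raw: str) -> Optional[Tuple[str, str, int]]:
    """Resolve a Run-key value to (path, file date, size); None if it is not that shape."""
    m = RUN_VALUE.match(raw)
    if not m:
        return None
    return (m.group(2) or m.group(1), m.group(3), int(m.group(4)))


def numeric_value(raw: str) -> Optional[int]:
    """Normalise the numeric spellings in the log to an int; None for non-numeric values."""
    m = NUMERIC.match(raw.strip())
    if not m:
        return None
    if m.group(1) is not None:
        return int(m.group(1), 16)
    return int(m.group(2) if m.group(2) is not None else m.group(3))


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (key, name, reason) for every entry that deserves a closer look."""
    findings: List[Tuple[str, str, str]] = []
    for key, name, raw in entries:
        k = key.lower()
        if k.endswith("\\run") or k.endswith("\\runonce"):
            target = autorun_target(raw)
            if target and any(mark in target[0].lower() for mark in USER_WRITABLE):
                findings.append((key, name, "autorun launched from a user-writable directory"))
        elif k.endswith("policies\\system") and name == "EnableLUA" and numeric_value(raw) == 0:
            findings.append((key, name, "UAC disabled"))
        elif "security center" in k and numeric_value(raw) == 1 and (
            name.endswith("DisableNotify") or name == "DisableMonitoring"
        ):
            findings.append((key, name, "Security Center alerting switched off"))
        elif "firewallpolicy\\" in k and name == "EnableFirewall" and numeric_value(raw) == 0:
            findings.append((key, name, "Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{reason}: [{key}] {name}")
```

Run against the sample, the script flags exactly the "AVScan" autorun, `EnableLUA`, the two Security Center notification values, `DisableMonitoring` and the StandardProfile `EnableFirewall`; the Run entries under c:\windows and c:\program files are left alone. The path heuristic is deliberately narrow: a program in AppData is not malicious by itself, but on this log it singles out the one binary that has no vendor, a generic name and a creation date the day before the symptoms were reported.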

Re: WinPC

Post by grgiagirl77 on 30th May 2009, 1:18 am

Sorry for all the posts. It kept saying my message was too big. I am so lost when it comes to this. I hope I sent you the right stuff. Thanks again so much for your help. :-)


Re: WinPC

Post by Belahzur on 30th May 2009, 1:25 am

Hello.
I have split your post off into a new topic.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight any of the following programs:

    Frostwire
    Limewire
    Viewpoint Manager (remove only)
    Viewpoint Media Player
    Viewpoint Toolbar

  • Click on the Uninstall/Change button at the top.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\users\jones\AppData\Roaming\asd.bat
c:\users\jones\AppData\Roaming\winav.exe

Folder::
c:\program files\Gamevance
c:\users\jones\AppData\Roaming\FrostWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gamevance"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F9FC8278-F9AC-44D9-AECE-F251E30C3B2E}"=-
"{CE37E450-5F27-469D-9995-9E6833B06571}"=-
"TCP Query User{D2715EE4-3CAB-4201-B57E-613CD57135AB}c:\\program files\\limewire\\limewire.exe"=-
"UDP Query User{B93CD74B-5D1F-40F7-8927-C5C2E8FFD4C8}c:\\program files\\limewire\\limewire.exe"=-
"{EEC679D1-D31A-4FCE-8FAD-B528423DCC9E}"=-
"{C3E25041-F40F-4690-B979-13606DFA6802}"=-

DDS::
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1


Re: WinPC

Post by grgiagirl77 on 30th May 2009, 1:34 am

OK, before I do this, let me give you this information in case you need it. I am trying to uninstall Limewire (thought I had a long time ago) and it does not show up under my programs. When I do a search for it on my computer it does show up, but it will not let me uninstall it. How do I get it off? It shows there are a few versions on my computer.


Re: WinPC

Post by grgiagirl77 on 30th May 2009, 1:36 am

Viewpoint Manager and Toolbar were not listed either.


Re: WinPC

Post by Belahzur on 30th May 2009, 12:17 pm

Please download Revo Uninstall from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.


    Frostwire
    Limewire
    Viewpoint Manager (remove only)
    Viewpoint Media Player
    Viewpoint Toolbar


  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.



Re: WinPC

Post by grgiagirl77 on 31st May 2009, 5:45 am

They weren't listed under Revo Uninstaller either. Although I was able to uninstall Spadester, which I had been unable to uninstall because it said I did not have access to it. But anyway... Limewire still shows up when I do a search on my computer... several versions... but it did not show up where I could uninstall it.


Re: WinPC

Post by Belahzur on 31st May 2009, 12:46 pm

Replied to your PM. Run my CFScript if it's still on the installed items list; ComboFix will delete its folder regardless.
