Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need Help Removing WINPC Antivirus


  • Please log in to reply

#1
dolla dolla jillz

dolla dolla jillz

    New Member

  • Member
  • Pip
  • 1 posts
I have tried removing WINPC Antivirus using past members questions. I have downloaded combofix and the results of my registry scan is below. Please try and keep things easy for me! Thanks.

ComboFix 09-05-30.06 - Owner 05/31/2009 12:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.532 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\pidle
c:\windows\ieocx.dll
c:\windows\system32\ovfsthijqkvbkvvcfsqgkhpqdtsfoslotuvmot.dat
c:\windows\system32\ovfsthlkdumfspraydxbvuomhrwdeksjtbbrvj.dat
c:\windows\system32\sdra64.exe
c:\windows\system32\UACamurpwooosxsnwd.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqwuwslruwkkyigs.dat

----- BITS: Possible infected sites -----

hxxp://download.wij+|Cv+@J:NGD_DQ{zcxLJS@IJV
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxdsimegnygoyikdvdwwwfuvatmxshyye
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 16:30 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\proquota.exe
2009-05-31 16:30 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-05-31 01:33 . 2009-05-31 01:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-31 01:33 . 2009-05-31 01:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-31 01:33 . 2009-05-31 01:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-31 01:33 . 2009-05-31 01:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-31 01:33 . 2009-05-31 16:11 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-31 01:33 . 2009-05-31 12:35 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-31 01:32 . 2009-05-31 01:32 -------- d-----w- c:\program files\AVG
2009-05-31 01:32 . 2009-05-31 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-31 00:05 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-30 17:21 . 2009-05-30 17:21 180 ----a-w- c:\documents and settings\Owner\Application Data\asd.bat
2009-05-29 21:40 . 2009-05-29 21:40 4257280 ----a-w- c:\documents and settings\Owner\Application Data\winav.exe
2009-05-24 13:48 . 2009-05-24 13:48 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-05-24 13:48 . 2009-05-24 13:48 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-05-24 13:46 . 2009-05-24 13:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-24 13:46 . 2009-05-24 13:46 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-05-24 13:11 . 2009-05-24 13:11 -------- d-----w- c:\windows\ie8updates
2009-05-24 13:11 . 2009-04-25 05:30 102400 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-05-24 13:06 . 2009-05-24 13:11 -------- dc-h--w- c:\windows\ie8
2009-05-23 13:01 . 2009-05-23 13:01 -------- d-----w- c:\windows\system32\LogFiles
2009-05-16 16:57 . 2009-05-16 16:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-16 16:57 . 2009-05-16 16:58 34061 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 16:06 . 2006-05-10 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2009-05-31 01:38 . 2009-01-24 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-31 01:16 . 2009-01-06 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-31 01:14 . 2009-01-06 18:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-31 01:14 . 2009-01-06 18:27 -------- d-----w- c:\program files\Symantec
2009-05-30 18:16 . 2006-05-10 21:15 -------- d-----w- c:\program files\Microsoft Works
2009-05-30 17:48 . 2009-01-08 23:54 5090 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-30 17:47 . 2009-02-04 15:49 -------- d-----w- c:\documents and settings\Owner\Application Data\EndNote
2009-05-30 17:34 . 2009-01-06 22:29 -------- d-----w- c:\program files\Norton Security Scan
2009-04-19 04:24 . 2009-04-19 04:24 -------- d-----w- c:\program files\iTunes
2009-04-19 04:24 . 2009-04-19 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 04:24 . 2009-04-19 04:24 -------- d-----w- c:\program files\iPod
2009-04-19 04:24 . 2009-01-06 19:12 -------- d-----w- c:\program files\Common Files\Apple
2009-04-19 04:19 . 2009-04-19 04:19 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 14:13 . 2006-05-10 20:56 -------- d-----w- c:\program files\Java
2009-04-06 14:12 . 2009-04-06 14:12 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-05 18:58 . 2009-04-05 18:45 -------- d-----w- c:\program files\Maxis
2009-04-05 18:45 . 2006-05-10 21:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-01-06 19:14 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:00 . 2009-03-16 20:00 217088 ----a-w- c:\documents and settings\All Users\Application Data\Fanhouse College Hoops Toolbar\ieToolbar\resources\en-US\fanhousencaatbres.dll
2009-03-09 09:19 . 2009-02-20 13:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2005-08-16 09:18 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2005-08-16 09:18 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2005-08-16 09:18 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2005-08-16 09:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2005-08-16 09:18 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2005-08-16 09:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2005-08-16 09:18 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2005-08-16 09:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2005-08-16 09:18 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2005-08-16 09:18 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-01-17 15:05 . 2009-01-06 20:55 88 --sh--r- c:\windows\system32\F837C7D743.sys
2009-01-17 15:05 . 2009-01-06 20:49 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7094b8b6-ba19-49fa-a5f0-7a63210e44cc}]
2009-03-16 20:02 1303848 ----a-w- c:\program files\Fanhouse College Hoops Toolbar\fanhousencaatb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"AVScan"="c:\documents and settings\Owner\Application Data\winav.exe" [2009-05-29 4257280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-31 1947928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-31 01:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2009 9:33 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2009 9:33 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/30/2009 9:32 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/6/2009 2:55 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-29 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-pidle - c:\documents and settings\Owner\Application Data\pidle\pidle.exe
HKLM-Run-yelafudage - c:\windows\system32\luraviza.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 12:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¨* Ć]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\AIM Toolbar\aimtbServer.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-05-31 12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 16:38

Pre-Run: 43,223,285,760 bytes free
Post-Run: 43,620,446,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

232 --- E O F --- 2009-05-31 01:39
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP