
WINPC antivirus


2 replies to this topic

#1 lmartin


Posted 14 May 2009 - 11:14 PM

Hi, I have this on one of my computers. It has jammed it up, so it barely runs... I can get into Safe Mode... It won't allow me to run any programs like Spybot or Malaware. Can anyone help me get this out? Thx.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Laurier Martin at 20:29:16.93 on 14/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.852 [GMT -7:00]

AV: VIRUSfighter ver. 5.99 *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
AV: Shaw Secure 8.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Shaw Secure 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\VIRUSfighter\Npm\Bin\Zanda.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\bin\NVCOA.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Documents and Settings\Laurier Martin\Desktop\Copy of dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Norman ZANDA] "c:\virusfighter\npm\bin\ZLH.EXE" /LOAD /SPLASH
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin f5d8053 n wireless usb adapter utility.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autorunsdisabled\-\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://sympatico.zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://photoshare.shaw.ca/files/ImageUploader4.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5342/mcfscan.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-11-13 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-5-4 79904]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\shaw secure\hips\drivers\fshs.sys [2008-11-13 66720]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\shaw secure\anti-virus\fsgk32st.exe [2008-5-4 215648]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-17 10384]
R2 Ndiskio;Ndiskio;c:\virusfighter\nse\bin\Ndiskio.sys [2009-5-14 20448]
R2 Norman ZANDA;Norman ZANDA;c:\virusfighter\npm\bin\Zanda.exe [2009-5-14 408696]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2008-5-4 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2008-11-13 55904]
R3 nsesvc;Norman Scanner Engine Service;c:\virusfighter\nse\bin\Nsesvc.exe [2009-5-14 322616]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\virusfighter\nvc\bin\Nvcsched.exe [2009-5-14 146488]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S1 SuperMounter;SuperMounter; [x]
S3 CtUsbMs;Creative HID USB Filter Driver;c:\windows\system32\drivers\CtUsbMs.sys [2006-10-8 14720]
S3 nvcoas;Norman Virus Control on-access component;c:\virusfighter\nvc\bin\Nvcoas.exe [2009-5-14 183352]
S3 PCNat;PC-Nat Miniport;c:\windows\system32\drivers\pcnat.sys [2004-3-9 30336]
S3 ZD1211U(Blitzz Technology Inc.);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(Blitzz Technology Inc.);c:\windows\system32\drivers\ZD1211U.sys [2009-3-30 209408]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2008-5-4 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2008-5-4 25184]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-05-14 17:33 <DIR> --d----- c:\program files\Safer Networking
2009-05-08 19:12 13,601,528 a------- C:\virusfighter_en.exe
2009-05-06 17:54 28,672 a------- c:\windows\ieocx.dll

==================== Find3M ====================

2009-04-10 14:12 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-31 18:29 33,408 a------- c:\windows\system32\drivers\fsbts.sys
2009-03-21 07:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-11-02 11:07 22,328 a------- c:\docume~1\laurie~1\applic~1\PnkBstrK.sys
2008-07-19 10:58 61,224 a------- c:\documents and settings\laurier martin\GoToAssistDownloadHelper.exe
2002-08-29 03:00 94,784 -c-sh--- c:\windows\TWAIN.DLL
2008-04-13 17:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 17:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 17:12 11,776 a--sh--- c:\windows\system32\regsvr32.exe
2008-07-28 21:57 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 20:30:39.25 ===============


#2 ken545


    Malware Response Team



Posted 26 May 2009 - 05:47 PM

Hello lmartin

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.

Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply; do not start a new thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545


Posted 06 June 2009 - 07:00 AM

This thread is being closed due to lack of response. If you need it reopened, you can PM a moderator.
